Clawng Term Memory
Audited by ClawScan on May 10, 2026.
Overview
This skill coherently backs up agent memory, but it asks the agent to automatically commit and push sensitive memory, rules, and installed skills to GitHub and to propagate shared memory across agents with limited review.
Install only if you intentionally want your agent's memory, rules, identity files, and possibly installed skills stored in a private GitHub repository. Review diffs before pushing, avoid storing secrets in memory files, prefer SSH or an OS-backed credential manager, secure or remove the /tmp merge output, and do not enable the automatic synthesis job until you have review and rollback controls.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may push memory or rule changes to GitHub whenever it edits core files, even when the user expected only a local change.
This makes a Git push action mandatory after edits to core knowledge files, rather than requiring per-change user confirmation or allowing an explicit local-only edit.
Always run the commit script after modifying a core knowledge file. Write → commit → push. Every time, no exceptions.
Make commit and push opt-in or confirmation-gated, and explicitly respect user instructions such as 'do not push this change.'
A memory backup could also persist and upload changes to installed skills or operating rules, affecting future agent behavior and remote history.
The script stages broad agent state, including all installed skills, and pushes it to the configured Git remote without a built-in diff review or confirmation step.
git add SOUL.md MEMORY.md USER.md TOOLS.md IDENTITY.md AGENTS.md HEARTBEAT.md memory/ skills/ .gitignore ...; git push origin $AGENT_BRANCH
Add a dry-run/diff step, require explicit approval before push, and consider making skills/ tracking a separate opt-in path with exclusions.
GitHub credentials or SSH keys used here can write to the backup repository and preserve sensitive agent state.
The skill requires GitHub write access for its stated backup purpose. That authority is expected, but it is still an account credential boundary users should scope carefully.
git remote add origin git@github.com:<user>/<repo>.git ... git config credential.helper store
Prefer a repo-scoped SSH deploy key or least-privilege token, and avoid using broad personal credentials.
Private memory contents may be left in temporary files or exposed through command output/logs on the local machine.
The merge script collects all agents' MEMORY.md contents into a /tmp file and prints the combined memory. The artifact does not show restrictive permissions, cleanup on success, or log-safety controls.
STAGING_DIR="/tmp/clawng-merge-$$" ... echo "$memory" >> "$STAGING_DIR/all-memories.txt" ... cat "$STAGING_DIR/all-memories.txt"
Use mktemp with a private 0700 directory, add trap-based cleanup, avoid printing full memories by default, and redact or exclude secrets.
A bad, poisoned, or overly private memory entry from one machine could spread to every synced agent and influence future behavior.
Memory from any agent branch can flow into an authoritative shared memory file that all agents later consume, with no review, provenance, or quarantine controls described.
A daily AI synthesis job reads all agents' memories and writes one authoritative SHARED_MEMORY.md to main — fully automatic, no human required ... All agents read SHARED_MEMORY.md from main to stay in sync
Require review before updating SHARED_MEMORY.md, record source provenance, use branch protections, and quarantine untrusted or conflicting entries.
Users may expose GitHub tokens or passwords on disk while believing they are securely stored.
Git's credential.helper store saves credentials in a local plaintext file, so describing it as secure can lead users to trust a weaker credential-storage method than intended.
git config credential.helper store # Git will prompt for credentials on first push and store them securely
Correct the documentation and recommend SSH keys or an OS-backed Git credential manager instead of credential.helper store.
