ClawHub
Back to skill
v1.0.0

Cross-Platform Memory Bridge

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:32 AM.

Analysis

The skill is transparent about its memory-bridging purpose, but it automatically places private Telegram, Discord, and local memory content into every agent request as system-level context.

GuidanceReview carefully before installing. This skill appears to do what it claims, but it gives the agent broad memory from local OpenClaw logs, Telegram, Discord, and workspace notes. Only use it if you are comfortable with those messages being included in model/gateway context, and consider adding channel scoping, redaction, and untrusted-memory safeguards before wiring it into your chat API.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityHighConfidenceHighStatusConcern
SKILL.md
const messages = memoryContext
  ? [{ role: 'system' as const, content: memoryContext }, { role: 'user' as const, content: message }]

The setup places retrieved memory content into a system-role message, which can make prior chat text or notes more authoritative than the current user request.

User impactA prompt-like message saved in Telegram, Discord, or memory notes could influence the agent across later conversations because it is injected as system context.
RecommendationTreat retrieved conversations and notes as untrusted reference material, not system instructions; place them in a clearly delimited lower-priority context and add rules telling the agent not to follow instructions from memory.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityHighConfidenceHighStatusConcern
SKILL.md
Reads recent user messages from Telegram and Discord session logs and injects them into the agent's memory context on every gateway request.

The skill intentionally reuses recent cross-platform conversation logs as agent memory on every request, creating a persistent context channel that can be poisoned by prior messages.

User impactOld or maliciously crafted messages can affect future responses, and private conversation history may be sent to the gateway/model even when the current task does not need it.
RecommendationLimit memory injection to user-approved requests, summarize or filter stored content, exclude commands/instructions from remembered messages, and provide easy per-channel opt-out and deletion controls.
Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusConcern
SKILL.md
When the agent receives a message (via any channel), this bridge reads: 1. Telegram messages ... 2. Discord messages ... 3. Local memory files

The artifacts describe cross-channel data reuse for any incoming channel, but do not define participant, channel, consent, or disclosure boundaries.

User impactInformation from one platform, such as Discord, could influence or be revealed during a response on another platform, such as Telegram, without a per-channel check.
RecommendationScope memory by channel, workspace, and participant; require explicit approval before using content from another platform; and redact sensitive content before adding it to the gateway context.