EngramClaw

Security checks across static analysis, malware telemetry, and agentic risk

Overview

EngramClaw is a coherent persistent-memory skill; the main things to notice are that it installs external memory/MCP tools and lets the agent proactively save and reuse session context.

This skill appears purpose-aligned and not malicious from the provided artifacts. Install it only if you want the agent to maintain persistent technical memory across sessions, and be mindful that saved summaries, preferences, decisions, and project notes can influence future work.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Information saved in Engram may be reused later by the agent, which is useful but can also preserve stale, sensitive, or mistaken context.

Why it was flagged

The skill intentionally stores and retrieves memory across sessions, so prior saved content can shape future agent behavior.

Skill content

Engram gives you persistent memory across sessions. You remember bugfixes, architecture decisions, patterns, and discoveries from previous conversations.

Recommendation

Use project-specific memory where possible, avoid saving secrets or private details, and periodically review or delete outdated memories.

What this means

The agent may store technical decisions, discoveries, or session summaries without asking every time.

Why it was flagged

The agent is instructed to save memories proactively rather than only after explicit user requests.

Skill content

Do NOT wait to be asked to save → Decide proactively.

Recommendation

Before installing, make sure you are comfortable with proactive memory saving, and instruct the agent not to store sensitive or personal information if that matters for your workflow.

What this means

Installing global command-line tools gives those tools local execution ability on your machine.

Why it was flagged

The setup documentation includes installing an external global npm package as one supported installation path.

Skill content

npm install -g mcporter

Recommendation

Install MCPorter and Engram only from trusted sources, and prefer reviewed or pinned package versions where your environment requires stronger supply-chain controls.

What this means

The agent will communicate with a local MCP memory backend to save, search, update, and delete memories.

Why it was flagged

The skill registers Engram as an MCP server accessed through MCPorter, creating a local agent-to-tool communication channel.

Skill content

mcporter config add engram --stdio "engram mcp"

Recommendation

Only register MCP servers you trust, and keep the memory backend scoped to projects or workflows where persistent context is intended.