Auto Memory
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a plausible memory helper, but it automatically persists and indexes chat history, can share derived notes across agents, and includes LLM/API-key use that is not clearly bounded or consistently protected by the promised redaction.
Review the scripts before installing. Only enable heartbeat automation if you are comfortable with OpenClaw chat history being stored and indexed under ~/.openclaw. Do not use it with secrets unless redaction is actually implemented and tested, verify where LLM summaries are sent, and confirm or remove the missing update-long-memory.sh workflow.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive conversation content may become persistent, searchable agent memory and can influence future answers even after the original chat is over.
The script automatically reads recent chat session JSONL files, appends selected user/assistant content to persistent memory files, and indexes that memory for future retrieval.
RECENT_SESSION=$(find "$SESSIONS_DIR" -name "*.jsonl" -mmin -360 2>/dev/null | head -1) ... with open(output_file, 'a') as f: ... openclaw memory index --agent "$AGENT_ID"
Only enable this if you want chat history stored as memory; add explicit opt-in, path limits, redaction before storage/indexing, retention/deletion controls, and a way to review captured content.
Running this helper can use the user's LLM provider credentials and may incur API usage or send memory content to the configured provider endpoint.
The included summarizer reads the local OpenClaw provider configuration and uses the configured API key, but the registry metadata declares no credentials or required config paths.
config_file = os.path.expanduser("~/.openclaw/openclaw.json") ... api_key = provider.get('apiKey', '') ... headers={ "Authorization": f"Bearer {api_key}", "Content-Type": "application/json" }
Declare this credential/config access clearly, require user confirmation before provider calls, and document exactly what content is sent and to which endpoint.
Users may trust the skill with secrets because it claims redaction, while the included implementation does not consistently demonstrate that protection.
The documentation promises automatic sensitive-data redaction before LLM use, but the provided scripts show memory content being persisted and the summarizer sending recent memory content to a provider without a visible redaction step.
🔒 Sensitive information protection | Automatically detects and redacts API Keys, Tokens, passwords, etc. ... 2. Redact before sending to the LLM
Implement and test redaction in every path before writing memory or making LLM calls, or remove/qualify the privacy claim so users can make an informed choice.
Incorrect, sensitive, or prompt-injection-like content from one conversation could be carried into shared memory and affect later agents or sessions.
The script writes automatically detected errors and best-practice snippets into a shared learnings area, allowing one session's extracted content to propagate beyond the originating agent/workspace.
SHARED_LEARNINGS="$HOME/.openclaw/workspace/.learnings/shared" ... with open(shared_errors, 'a') as f: ... with open(shared_best, 'a') as f:
Make cross-agent sharing opt-in, redact shared entries, label their source, and require review before shared memories are reused.
If enabled in HEARTBEAT.md, memory updates may keep running automatically rather than only when manually requested.
The skill explicitly documents heartbeat-triggered automatic memory updates; this is aligned with the stated purpose but creates continuing background-like behavior once configured.
## Configure HEARTBEAT.md ... ~/.openclaw/scripts/extract-memory.sh main ... ~/.openclaw/scripts/update-long-memory.sh main
Enable heartbeat automation only if you want ongoing memory capture, and document how to disable it and clean up generated memory/index files.
Users may need to obtain or create an unreviewed helper script to follow the documented setup.
The documentation instructs users to install and run update-long-memory.sh, but that file is not in the provided manifest and there is no install spec, leaving part of the intended workflow outside the reviewed artifacts.
# update-long-memory.sh ... chmod +x ~/.openclaw/scripts/update-long-memory.sh
Include all referenced scripts in the package or remove the instruction, and provide an install spec that matches the reviewed files.
