Memory Hygiene
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed automatically or too casually, the user could lose all Clawdbot vector memories.
This is a destructive shell command that removes the entire LanceDB vector-memory directory. It is related to the skill purpose, but the artifact does not describe confirmation, backup, dry-run, or recovery steps before deletion.
**Wipe:** Clear all vector memory
```bash
rm -rf ~/.clawdbot/memory/lancedb/
```
Then restart gateway: `clawdbot gateway restart`
Require explicit user confirmation before wiping, back up the memory directory first, and prefer an audit or selective-delete workflow when possible.
A scheduled agent job could keep deleting and rebuilding memory each month, potentially removing useful memories without the user noticing.
The skill instructs creation of a persistent scheduled job that repeatedly performs a destructive wipe and reseed of memory. The automation is disclosed and purpose-aligned, but it lacks per-run approval, removal instructions, or rollback guidance.
## Monthly Maintenance Cron
Set up a monthly wipe + reseed:
```
cron action=add job={
"name": "memory-maintenance",
"schedule": "0 4 1 * *",
"text": "Monthly memory maintenance: 1) Wipe ~/.clawdbot/memory/lancedb/ 2) Parse MEMORY.md 3) Store key facts to fresh LanceDB 4) Report completion"
}
```
Only add the cron job after an explicit user request, include instructions to disable it, and add backup/confirmation steps before each wipe.
Sensitive facts stored in memory may be recalled into future agent context, reused incorrectly, or exposed to later tasks.
The skill works directly with persistent vector memory and suggests storing account, credential-location, and contact facts. It also warns not to store OAuth URLs or tokens, which reduces but does not eliminate sensitivity.
memory_recall query="*" limit=50
...
✅ Store:
- Important facts (accounts, credentials locations, contacts)
...
❌ Never store:
- OAuth URLs or tokens
Store only minimal non-secret facts, avoid actual credentials or highly sensitive locations unless necessary, and review memory contents periodically.
