Agent Memory Layer
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: agent-memory-layer Version: 1.0.0 The skill bundle implements a legitimate three-tier memory system (short-term, long-term, and episodic), but contains a path traversal vulnerability. In 'scripts/memory_layer.py' and 'scripts/consolidate.py', the 'agent_id' parameter is used to construct file paths (e.g., Path(storage_dir) / agent_id) without any sanitization. This could allow an attacker to influence the agent to read from or overwrite sensitive files outside the intended directory by providing a crafted ID like '../../etc/passwd'.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information saved as long-term memory may remain on disk and influence future agent responses until the stored files are removed or managed.
The library stores long-term memory to a persistent local JSON file under .agent_memory, so content provided to the memory layer can be retained and reused later.
base = storage_dir or Path(f".agent_memory/{agent_id}") ... self.long_term = LongTermMemory(base / "long_term.json")Avoid storing secrets or highly sensitive personal data in agent memory, and periodically review or delete the .agent_memory directory if persistence is not desired.
If configured as a scheduled job, the skill could keep updating long-term memory without direct interaction each time.
The script is documented as something a user may run periodically to promote memories, which is aligned with the memory purpose but introduces background persistence if the user configures cron.
Consolidation daemon — promotes recurring episodic memories to long-term. Run periodically via cron.
Only schedule the consolidation script if you want automatic memory promotion, and make sure you know where the memory files are stored.