Three Tier Memory V2
PendingStatic analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive or malicious prior content could be saved locally and later brought back into the agent's context, influencing future responses or exposing past details.
The skill is designed to persist memory and inject retrieved content into later conversations. The artifacts do not show retention, deletion, user-approval, or trust-boundary controls for those memories.
长期 | `memory/vector-store/` | 语义检索 | 永久记忆,RAG ... 新对话开始:先 `search` 长期记忆,注入相关上下文
Use explicit confirmation before writing long-term memory, add review/delete/expiry controls, and instruct the agent to treat retrieved memories as untrusted reference data rather than authoritative instructions.
Memory files may be created in an unexpected local location, which could confuse users or mix memory state across environments.
The script writes memory files under a configurable workspace, but the default is an absolute, user-specific path that may be unexpected if WORKSPACE_DIR is not set.
WORKSPACE_DIR = Path(os.environ.get('WORKSPACE_DIR', '/Users/scott/.openclaw/workspace'))
MEMORY_DIR = WORKSPACE_DIR / 'memory'Set and document WORKSPACE_DIR before use, and declare the memory/config paths in the skill metadata.
Users may install an unspecified package version manually, and package behavior can change over time.
Long-term memory depends on ChromaDB, but the provided artifacts include no install spec or pinned dependency version.
print("✗ 需要安装 chromadb: pip install chromadb")Provide a pinned dependency/install spec and review ChromaDB behavior before enabling long-term memory.