Three Tier Memory

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent memory-management skill, but it persistently stores conversation data and can send it to an external LLM using a local provider key that is not clearly declared.

Review this skill carefully before installing. Do not enable the hook or run automatic summaries unless you are comfortable with conversation details being stored locally and potentially sent to BigModel/Zhipu using your local OpenClaw provider key. Look for clear deletion, retention, redaction, and opt-out controls before using it with sensitive conversations.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may use the user's existing Zhipu/BigModel account key for summaries, which could expose data to that provider and consume the account's quota or incur billing.

Why it was flagged

The script reads a locally stored OpenClaw provider API key even though the registry metadata declares no primary credential or required environment variable.

Skill content
config_path = Path.home() / '.openclaw' / 'openclaw.json' ... zhipu_cfg = providers.get('zhipu', {}) ... api_key = zhipu_cfg['apiKey']
Recommendation

Declare the credential requirement explicitly, ask before using a global provider key, and provide a clear local-only or no-LLM mode.

What this means

Private conversation content, preferences, or personal facts stored in memory may be transmitted to BigModel/Zhipu during summarization.

Why it was flagged

Conversation-derived text is packaged into a prompt and sent to an external LLM provider using the local API key.

Skill content
conversation_text = "\n".join([...]); api_url = "https://open.bigmodel.cn/api/paas/v4/chat/completions"; "Authorization": f"Bearer {api_key}"
Recommendation

Make external transmission explicit before each automatic summary, allow redaction and provider selection, and document exactly what conversation content is sent.

What this means

Sensitive or incorrect conversation details can become persistent memory and later be retrieved or reused by the agent.

Why it was flagged

The skill documents unbounded medium- and long-term memory plus automatic conversation saving, but does not describe retention, deletion, validation, or trust boundaries.

Skill content
Medium-term | summaries/ | token threshold / summarization | unlimited ... Long-term | vector-store/ | semantic retrieval | unlimited ... `session:end` → automatically save the conversation
Recommendation

Add explicit controls for what is saved, review before promoting memories, retention limits, deletion/export commands, and warnings for sensitive conversations.

What this means

Users cannot verify how the advertised session-end auto-save hook works from the supplied artifacts.

Why it was flagged

The documentation claims a hook is included, but the provided manifest lists only SKILL.md, references/references.md, and scripts/memory_manager.py, so the claimed automatic hook implementation is absent from review.

Skill content
Already includes `hooks/memory-manager-hook/` ... openclaw hooks enable memory-manager-hook
Recommendation

Include the hook files in the package and manifest, or remove the hook claim and clearly state that automatic session capture is not installed.