memory-compact

ReviewAudited by ClawScan on May 1, 2026.

Overview

This skill’s code matches its stated local memory-backup purpose, but it should be installed with awareness that it can automatically rewrite long-term memory files on a schedule.

Before installing, confirm you want a daily job that reads your OpenClaw memory files, appends selected lines to MEMORY.md, and moves originals into backup/memory. After enabling it, periodically review MEMORY.md and know how to remove the cron schedule if you no longer want automatic memory compaction.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI06: Memory and Context Poisoning

What this means

Items from conversation memory may be carried forward into future long-term memory without manual review.

Why it was flagged

The skill promotes selected content from daily memory files into a persistent long-term memory file, which is the expected purpose but can preserve incorrect or injected content if the source memory contains it.

Skill content

1. 读取 memory/YYYY-MM-DD.md（最新的一天）
2. 提取 2-3 个关键点（基于关键词匹配）
3. 写入 MEMORY.md（极致简洁格式）

Recommendation

Periodically inspect MEMORY.md and the backup files, and remove any extracted points that are wrong, overly sensitive, or should not influence future agent behavior.

Low

#ASI10: Rogue Agents

What this means

If the cron job is added, the skill will keep running daily until the schedule is disabled or removed.

Why it was flagged

The documentation shows an enabled daily cron schedule that triggers an agent turn to run the memory backup script. This is disclosed and purpose-aligned, but it is recurring automation.

Skill content

"expr": "30 6 * * *",
"payload": {
  "kind": "agentTurn",
  "message": "运行 /root/.openclaw/workspace/skills/memory-compact/wrapper.py 脚本处理每日记忆备份",
  "timeoutSeconds": 60
},
"enabled": true

Recommendation

Enable the cron job only if you want automatic daily memory compaction, and keep a record of how to disable or remove the scheduled job.

Low

#ASI09: Human-Agent Trust Exploitation

What this means

A user may over-trust the documentation’s “no risk” language and miss that the wrapper does execute a local Python subprocess.

Why it was flagged

The wrapper’s safety comment says it does not contain subprocess, but the code imports and uses subprocess to run the included script. The invocation is fixed and local, so this is not evidence of malicious behavior, but the safety wording is overconfident and contradictory.

Skill content

安全说明：
- 此包装器不执行任何危险操作
- 仅调用同一目录下的 memory_backup.py 脚本
- 不包含 eval、exec、subprocess 等危险函数
...
import subprocess
...
result = subprocess.run(

Recommendation

Treat broad safety claims as documentation, not proof; review the included Python files and understand that invoking the skill runs local code.