ClawHub

Agent Memory Manager

ReviewAudited by ClawScan on May 10, 2026.

Overview

This is a coherent local memory tool, but it persistently retains sensitive client and trade information and its removal workflow archives rather than clearly deletes records.

Install only if you want the agent to keep long-term local memory. Before use, verify the script path, review what is stored under /workspace/memory, avoid saving secrets or regulated personal data, and add a real delete/purge process if contacts or projects must be forgotten.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium
#ASI06: Memory and Context Poisoning
What this means

Client details, trade history, decisions, and lessons may remain available to future agent sessions and influence future work even when the user expected information to be forgotten.

Why it was flagged

The skill is designed to persist sensitive personal, business, and trading context across sessions, and its removal workflow appears to archive records instead of clearly deleting them.

Skill content
"Every client, every trade, every decision, every lesson is stored" ... "email": "jean@acme.io", "linkedin": "linkedin.com/in/jeandupont" ... "Contact explicitly asked to be removed" ... "archive"
Recommendation

Use only with data you are comfortable storing long term, add an explicit delete/purge workflow, define retention rules, and require confirmation before saving sensitive client, financial, or personal information.

Low
#ASI04: Agentic Supply Chain Vulnerabilities
What this means

Following the documented command may fail or, if a different file exists at that path, may run code that was not the reviewed package file.

Why it was flagged

The documented command targets /workspace/memory/scripts/memory_manager.py, but the supplied manifest provides memory_manager.py at the package root and there is no install spec placing it at that path.

Skill content
python3 /workspace/memory/scripts/memory_manager.py remember
Recommendation

Package the helper script at the documented path or update the instructions to use the provided file path, and avoid running any pre-existing local script with the same name unless it has been reviewed.