v0.1.2

Mnemon Memory

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:56 AM.

Analysis

The memory feature is coherent, but installation adds persistent OpenClaw hooks and plugins that can influence the agent on every message, so it should be reviewed before use.

Guidance: Before installing, confirm you trust the mnemon binary source, review the files it creates in ~/.openclaw and ~/.mnemon, and decide whether always-on remind/nudge behavior is appropriate. Do not store passwords, tokens, or other secrets in memory.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
go install github.com/mnemon-dev/mnemon@latest ... mnemon setup --target openclaw --yes

The skill asks the user to install an external, latest-version CLI and then run a setup command that deploys OpenClaw components. Because those installed hook/plugin contents are not present in the artifact, the installer has meaningful control over the agent environment.

User impact: Installing or updating the external CLI could change what code or prompts are added to the user's OpenClaw setup.
Recommendation: Prefer a pinned version, review the installed files under ~/.openclaw and ~/.mnemon after setup, and only run the setup command if you trust the external package source.

Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Hook → `~/.openclaw/hooks/mnemon-prime/` (agent:bootstrap — injects behavioral guide) ... Plugin → `~/.openclaw/extensions/mnemon/` (remind, nudge, compact hooks)

The setup creates persistent OpenClaw hooks and extensions, including a bootstrap behavior guide and message-time plugins, which continue operating after installation rather than only during a single explicit command.

User impact: The agent may receive ongoing reminders or behavioral guidance from this memory system in future conversations.
Recommendation: Inspect the generated hook, extension, and prompt files; disable features you do not want in ~/.openclaw/openclaw.json; and use the documented eject command if you decide not to keep it.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
SKILL.md
`remind` | on | Recall relevant memories + remind agent on each message ... Do not store secrets, passwords, or tokens.

The skill stores persistent memories and can automatically reintroduce relevant memories into future agent context. The artifact includes a guardrail against storing secrets, but users still need to treat saved memories as durable influence on future tasks.

User impact: Incorrect, sensitive, or outdated memories could be recalled later and influence the agent's answers or actions.
Recommendation: Store only non-secret information, periodically review or delete memories with recall/search/forget, and consider disabling automatic reminders if you want manual-only recall.