Memory Setup 1.0.0
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only skill is aligned with setting up persistent memory, but users should understand it can make past conversations and memory files searchable and may involve external embedding providers.
This looks safe to use as a memory setup guide, but review the memorySearch sources before enabling them. If you include sessions, past conversations can be indexed and recalled later. Prefer the local provider for sensitive work, or use external API keys only after reviewing what content may be sent to the embedding provider.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Past chats and curated memory notes may be reused in future conversations, so sensitive or incorrect information could be recalled later.
The skill explicitly enables persistent, real-time memory search over memory files and past conversation transcripts, and suggests future agents use that memory for answers.
"sources": ["memory", "sessions"], "indexMode": "hot" ... `sessions` — Past conversation transcripts ... "Before answering questions about prior work... Run memory_search"
Only enable session indexing if you are comfortable with prior conversations being searchable; keep secrets out of memory files and periodically review or prune stored memory.
If configured with Voyage or OpenAI, memory indexing may depend on third-party API credentials and provider handling of submitted text.
The skill may require provider API keys for external embedding services. This is purpose-aligned, but users should notice the credential and provider boundary.
`voyage` — Voyage AI embeddings (recommended) ... `openai` — OpenAI embeddings ... Voyage: Set `VOYAGE_API_KEY` ... OpenAI: Set `OPENAI_API_KEY`
Use a dedicated provider key if possible, review the provider's data policy, or choose the local provider when sensitive memory should not leave the machine.