Persistent Agent Memory 1.0.1
ReviewAudited by ClawScan on May 10, 2026.
Overview
This disclosed memory integration sends persistent memories to Coral Bricks, but the package’s documented executable tools are not included, so it needs review before use.
Install only if you trust Coral Bricks and can verify the missing helper commands from a legitimate source. Avoid storing secrets or highly sensitive information, and use a dedicated Coral API key.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may try to run helper commands that are not part of the reviewed package, reducing confidence in what code would actually handle memories and the API key.
The skill defines runtime commands under a scripts/ directory, but the supplied manifest contains only SKILL.md and _meta.json with no code files or install spec. The helper implementation is therefore missing from review and could fail or be resolved from an unexpected source.
scripts/coral_store "text to store" [metadata_json]
Do not install until the package includes the referenced scripts or replaces them with fully declared, reviewable commands and consistent install instructions.
Sensitive, stale, or misleading memories could be retrieved in later tasks, especially because everything uses the default collection.
The skill clearly stores long-lived memories and retrieves them later by semantic similarity. This is purpose-aligned, but it means stored text can influence future sessions.
All memories are stored in the default collection; collections are not exposed to the agent ... Stored memories persist across sessions
Store only necessary information, avoid secrets or regulated data, and periodically delete memories that should not influence future work.
Anyone or any code using this environment variable may be able to access the Coral Bricks account or memory API allowed by that key.
The skill requires a Coral API key, which is expected for a Coral Bricks memory service integration.
"requires": { "env": ["CORAL_API_KEY"], "bins": ["curl", "python3"] }Use a dedicated, least-privilege API key if available, keep it out of shared shells and logs, and rotate it if the runtime environment is not trusted.