Auto Chatlog
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent chat-memory skill, but it asks the agent to automatically persist and reload conversation notes, including credential details, without clear user control or safe scoping.
Install only if you are comfortable with automatic local memory files being read and updated across sessions. Do not share secrets while this skill is active unless you first change the rules to redact credentials, and periodically review or delete MEMORY.md and memory/ entries. If using the helper script, validate the --date handling before relying on it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Passwords, tokens, or account configuration mentioned in chat could become long-term agent context and be reused in later sessions.
The skill tells the agent to record credential/configuration details into persistent MEMORY.md. For an automatic chatlog skill, this is overbroad unless secrets are explicitly excluded, redacted, and user-approved.
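Owner provided credentials/configuration | Credential information (mind security) | MEMORY.md (credentials marked separately) ... When adding new credential details (add to the credential information section)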
Do not store plaintext secrets in MEMORY.md. Require explicit user approval, redact credential values, and store only references to a proper secret manager or vault.
Private notes, stale facts, or poisoned memory entries could influence future responses, and sensitive conversation history may persist longer than the user expects.
The skill creates automatic cross-session memory that is read before replies and written at conversation milestones. The artifacts do not define clear retention, review, deletion, trust boundaries, or sensitive-data exclusions.
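Each time the owner speaks, automatically read the `memory/` files from the last 3 days, as well as `MEMORY.md` ... Automatically write to memory at the following moments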
Make memory opt-in or confirm before writing sensitive entries, provide review/delete controls, limit what is loaded into context, and treat stored notes as untrusted user-editable data.
If the helper is invoked with a malicious or mistaken date argument, it may write a file in an unintended local path.
The documented --date value is used directly in a file path without validating the YYYY-MM-DD format or rejecting path separators. A malformed argument containing traversal could create an unexpected .md file outside the intended memory directory.
const today = dateIdx >= 0 && args[dateIdx + 1] ? args[dateIdx + 1] : getToday(); ... const filePath = path.join(MEMORY_DIR, `${today}.md`); ... fs.writeFileSync(filePath, content, 'utf-8');
Validate --date with a strict date regex, resolve the final path, and reject any path that is not inside the memory directory.
A scheduled setup could continue creating or checking memory files even when the user is not actively using the skill.
The cron option is disclosed and user-directed, but it is still a persistence mechanism that can keep updating memory outside an active conversation if the user configures it.
Usage: trigger manually when you think you need to "remember this moment", or have crontab invoke it on a schedule.
Only configure cron if you want background memory snapshots, and document how to disable or remove the scheduled job.
