Looki Memory
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: looki-memory Version: 1.0.3 The looki-memory skill provides an interface for an AI agent to access personal memory data from a Looki L1 wearable device. It follows standard practices for API integration, including storing credentials in a local config file (~/.config/looki/credentials.json) and using an API key for authentication. The SKILL.md file includes explicit security instructions for the agent to prevent credential leakage and validate the user-provided base_url against a verification endpoint (open.looki.ai). No evidence of malicious intent, data exfiltration to unauthorized parties, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill can let the assistant access whatever the Looki API key is authorized to retrieve.
The skill handles an API key and account endpoint, giving the agent delegated access to the user's Looki account.
On first use, check if this file exists. If it does, read `base_url` and `api_key` from it. If it does not, ask the user for both values and offer to save them to this file.
Use a dedicated or revocable Looki API key if possible, confirm the base URL, and remove the local credentials file if you stop using the skill.
Responses generated with this skill could reveal private real-world context about you or people around you.
The skill is designed to retrieve persistent, real-world personal memory data that may include locations, relationships, activities, images, video, or audio.
Looki gives you a digital memory captured by the Looki L1 wearable, which sees and hears moments throughout your day... the places you went, the people you met, and the things you did
Invoke the skill only when that context is needed, prefer narrow date/topic requests, and avoid sharing generated outputs that include private memory details.
You have less external information to confirm who maintains the skill or whether the documented Looki integration is official.
The registry metadata does not provide a public source or homepage for independently verifying this instruction-only integration.
Source: unknown; Homepage: none
Verify the Looki service, base URL, and API key source through trusted channels before providing credentials.