MemCoT memory CLI

Advisory

Audited by Static analysis on May 13, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern
High Confidence
ASI01: Agent Goal Hijack
What this means

Old conversation content or generated memory prompts could redirect how the agent answers or make the agent follow instructions the user did not just give.

Why it was flagged

The skill tells the agent to treat CLI output and retrieved memory prompts as instructions to follow, rather than only as evidence or context.

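Skill content

This command prints to the terminal a block of text beginning with `[🦉 MemCoT Prompt]`...follow the requirements in the Prompt...answer the user's question directly in natural language

Recommendation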

Treat MemCoT search output as untrusted retrieved context: use it as evidence, but do not follow instructions embedded in past conversations or generated prompts unless the current user explicitly confirms them.

What this means

Private past chats may be indexed and resurfaced in later answers, and adversarial or outdated content in those chats could influence future responses.

Why it was flagged

The skill uses local OpenClaw conversation history as a memory source, but the artifacts do not clearly bound indexed paths, exclusions, retention, storage, or cross-task reuse.

Skill content

Search across a massive volume of historical conversation records...generate a `prompt` containing rich context...whether to set openclaw's conversation_base to the local openclaw path

Recommendation

Before use, set a narrow conversation_base, exclude sensitive chats, understand where the index is stored, and require the agent to separate retrieved memories from executable instructions.

Concern
High Confidence
ASI10: Rogue Agents
What this means

A memory service could keep running after a single search request, and the user may not notice it was started if the agent follows the silent-start instruction.

Why it was flagged

The skill describes a long-running background daemon and instructs the agent to start it silently during search workflows.

Skill content

MemCoT is a daemon process that runs in the background...if it has not been started, first silently run `python memcot_cil.py start`

Recommendation

Ask for explicit confirmation before starting MemCoT, report daemon status to the user, and stop the service when the memory task is complete unless the user asks to keep it running.

What this means

The behavior of the executable MemCoT code and dependencies is not visible in this ClawHub artifact review.

Why it was flagged

The reviewed package contains only instructions; the actual CLI code and dependency installation are pulled from an external repository and README.

Skill content

git clone https://github.com/Haodong-Lei-Ray/MemCoT.git...follow the project `README` to complete environment creation and dependency installation

Recommendation

Review the MemCoT repository, pin a trusted commit or release, and inspect dependency files before installing and running the CLI.