Memory Management (PARA)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only memory skill is coherent, but it asks the agent to rewrite long-term memory and behavior files, optionally on an automated schedule, so users should review changes before enabling it.

Install only if you want the agent to maintain long-term OpenClaw memory. Before enabling automation, make sure it produces reviewable diffs, preserves backups, and asks before updating core files such as USER.md, SOUL.md, TOOLS.md, IDENTITY.md, and MEMORY.md or deleting processed logs.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or prompt-injected log entry could become a durable memory, preference, rule, or tool instruction that affects future sessions.

Why it was flagged

The skill instructs the agent to convert raw memory logs into persistent user-profile, identity, behavior-rule, and tool-configuration files. Those files can shape future agent behavior, but the artifacts do not require confirmation, provenance labels, or filtering of untrusted or misleading log content.

Skill content

User preferences → `USER.md`; your behavioral guidelines/lessons learned → `SOUL.md`; your environment parameters/tool configuration → `TOOLS.md`; your identity definition → `IDENTITY.md`

Recommendation

Require user-visible diffs and confirmation before updating USER.md, SOUL.md, TOOLS.md, IDENTITY.md, or MEMORY.md; preserve provenance and avoid treating raw log instructions as authoritative unless explicitly confirmed.

What this means

If the agent summarizes something incorrectly, that error can spread across the memory system while the original working log is removed from its inbox location.

Why it was flagged

A single distillation pass can update multiple persistent memory files, update the global index, archive logs, and delete the original inbox copies. The artifacts do not describe backups, rollback, or user approval before these cascading changes.

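Skill content

For all processed (distillation completed and successfully written) `YYYY-MM-DD.md` files under the `memory/` directory...append to `PARA/ARCHIVES/YYYY-MM-DD.md`...after confirming the append succeeded, **delete** the original `memory/YYYY-MM-DD.md` file...based on...all modifications...update `MEMORY.md`

Recommendation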

Keep backups, show proposed changes as diffs, and require approval before deleting source logs or updating the global memory index.

What this means

Automated use could silently change persistent memory files on a schedule.

Why it was flagged

The README suggests scheduled autonomous use. This is disclosed and aligned with the maintenance purpose, but it means memory changes may happen without a manual prompt each time if the user enables it.

Skill content

Integrate into your `HEARTBEAT.md` for automated nightly distillation.

Recommendation

Only enable HEARTBEAT automation if you want scheduled memory maintenance; otherwise keep the skill manually invoked or require confirmation for each run.