Self Memory Manager
Audited by ClawScan on May 10, 2026.
Overview
This memory-management skill is mostly coherent, but it asks the agent to persist account/API details and copy OpenClaw configuration into a Desktop memory folder without clear limits or redaction.
Use this only if you are comfortable with the agent maintaining local memory files. Before installing, change the workflow so it asks before saving, never stores passwords/tokens/account details, does not copy ~/.openclaw/openclaw.json, and gives you an easy way to review and delete saved notes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could save information into local files without the user realizing exactly what was recorded.
The skill directs automatic file archiving after subjective triggers, but the instructions do not require explicit user confirmation before persisting potentially sensitive work data.
- Archive immediately after important progress | Completing an important task | Automatic archive |
Require explicit user approval before each archive, show the exact content to be saved, and avoid automatic persistence for sensitive data.
Sensitive local agent configuration could be duplicated into a more visible folder and retained longer than intended.
The documented archive command copies the local OpenClaw configuration file into the memory folder. That file may contain account, provider, or credential-related configuration, and the skill gives no redaction or scoping guidance.
cp ~/.openclaw/openclaw.json ~/Desktop/小牛马的工作文件夹/
Do not copy the full OpenClaw config file. Store only non-secret notes about configuration changes, redact tokens or account identifiers, and get user confirmation first.
Private account/API details may remain in local memory files and later influence the agent's behavior or be exposed to anyone with access to the folder.
The skill explicitly includes API configuration changes, account information, and work-rule updates in persistent memory, but does not define retention, access controls, redaction, or how future sessions should trust the stored notes.
**Archive contents**: - API configuration changes - Account information - Task progress - Project status - Work rule updates
Exclude secrets and account details from memory, add retention and deletion rules, restrict the folder permissions, and treat stored rules/notes as untrusted until the user confirms them.
