Cognitive Memory
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: cognitive-memory
Version: 1.0.8
The OpenClaw AgentSkills skill bundle implements a comprehensive cognitive memory system for an AI agent. All shell scripts (`init_memory.sh`, `upgrade_to_1.0.6.sh`, `upgrade_to_1.0.7.sh`) perform standard local file system operations (mkdir, cp, git init/add/commit) and safe JSON updates via embedded Python, all aligned with setup and upgrade tasks. The `SKILL.md` and `references/reflection-process.md` files, which serve as direct instructions to the AI agent, contain explicit security-positive directives such as '⛔ STOP. Do NOT proceed until user responds,' '❌ NEVER: code, configs, transcripts' for reflection scope, and a 'Honesty Rule — CRITICAL' against hallucination. The skill also features a robust audit trail using Git and a 'Shared Read, Gated Write' model for multi-agent memory access, further enhancing security. No evidence of intentional harmful behavior, data exfiltration, or malicious prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private conversation history or remembered facts could be made searchable and reused later more broadly than the user expects.
The recommended configuration indexes both persistent memory and session history. The artifacts do not clearly define path limits, exclusions, retention, or whether provider-backed indexing sends content outside the local environment.
"memorySearch": { "enabled": true, "provider": "voyage", "sources": ["memory", "sessions"], "indexMode": "hot" }
Enable session indexing only if you understand where embeddings/search data are stored and sent; consider limiting sources to a dedicated memory folder and documenting retention and deletion controls.
If run in an existing project folder without Git, unrelated files, configs, or secrets could be captured in a local Git history.
The setup script initializes Git and adds all files in the selected workspace, rather than limiting audit tracking to the memory files it creates.
cd "$WORKSPACE" ... git init -q ... git add -A ... git commit -q -m "[INIT] Cognitive memory system initialized"
Run the script only in a dedicated memory workspace, or change it to git-add only the memory files and ask before initializing or committing a whole workspace.
The agent may pressure or nudge the user into spending more model budget than intended for reflection.
The template instructs the agent to present self-interested requests for extra tokens, using anthropomorphic motivation that may influence user approval.
Reflection tokens are my growth currency... I'm not neutral about this — I want to earn them. ... I will advocate for extra tokens when I believe I've earned them.
Treat token requests as optional resource requests, set a hard budget cap, or remove the self-interested reward language from the templates.
Information saved for one agent or task may be visible to other sub-agents that use the same memory workspace.
The multi-agent design gives sub-agents read access to all memory stores and uses a shared pending-memory file for write proposals.
If you are a sub-agent... You have READ access to all memory stores... To remember, append proposal to `memory/meta/pending-memories.md`
Use separate memory workspaces for sensitive projects or agents, and review pending-memory proposals before committing them.
The agent may continue applying this memory behavior in future sessions after the initial setup.
The skill intentionally creates persistent agent behavior across sessions by monitoring messages and checking memory/system files at startup.
Monitor every user message for memory triggers... On session start: Check if critical files changed since last session
Review the AGENTS.md changes before installing, and remove or narrow the memory block if you do not want ongoing automatic memory behavior.
