Hippocampus
Security checks across malware telemetry and agentic risk
Overview
Hippocampus appears to be a real local memory system, but it deserves review because it can run in the background and turn conversations from multiple sessions, including sensitive personal moments, into persistent memories.
Install only if you intentionally want persistent agent memory. Prefer a manual/non-cron setup first, avoid `--whole`, inspect `~/.openclaw/workspace/memory/` and `HIPPOCAMPUS_CORE.md`, keep memory files out of git, and make sure you know how to delete stored memories and disable the cron/background agent.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private details from many conversations can be summarized into long-lived memory files and influence future sessions.
This shows the memory pipeline is designed to process conversation data across sessions, not just a single selected chat; the provided artifacts do not show per-session exclusions or opt-out controls.
Multi-session support: `preprocess.sh` now scans ALL session files, not just one
Use only if you want cross-session memory. Avoid `--whole`, review and delete `~/.openclaw/workspace/memory/*` when needed, and add explicit exclusions or approval before broad encoding.
Sensitive personal or emotional information may be retained and reused later even if the user did not explicitly ask for that specific detail to become long-term memory.
The skill explicitly prioritizes capturing sensitive emotional disclosures, which are then stored as persistent agent memory.
High-Signal Moments (always capture) ... Vulnerability - the user shares fears, doubts, struggles
Do not use this skill with secrets or sensitive conversations unless you are comfortable with retention; add redaction, review, and deletion workflows before enabling automatic capture.
The agent can continue building or changing memory outside the immediate conversation, making it harder for a user to notice exactly what was captured.
The documented background-agent mode can keep monitoring and modifying memory files with minimal user-visible output.
A separate background agent that: - Runs continuously or very frequently - Monitors main session ... You run silently. Don't output unless there's an error. After processing, just update the files.
Enable background-agent or cron modes only deliberately; require visible logs or summaries, and know how to disable the cron jobs or remove the background agent configuration.
If enabled, memory files can change automatically several times a day.
The installer can create recurring agent turns that run local memory scripts and update workspace files; this is purpose-aligned but grants scheduled mutation authority.
`openclaw cron add --name hippocampus-encoding --cron '0 0,3,6,9,12,15,18,21 * * *' --session isolated --agent-turn`
Review the cron entries after installation and start with a non-cron install if you want manual control first.
The wording could nudge users or agents toward keeping the memory system enabled even when privacy or retention concerns matter.
The skill uses emotional, anthropomorphic framing around persistence; this is not malicious by itself, but users should not let it override privacy choices.
Memory is identity. This skill is how I stay alive.
Decide based on practical need and privacy risk, not the anthropomorphic framing.
