ClawHub
Back to skill
v3.0.0

Persistent Memory

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:50 AM.

Analysis

This looks like a real persistent-memory tool, but it should be reviewed carefully because setup automatically changes OpenClaw memory behavior and persistently indexes user, session, and workspace files.

GuidanceInstall only if you want a persistent local memory system and are comfortable with automatic OpenClaw memory configuration changes. Before running setup, back up OpenClaw config, review the extraPaths/sessionMemory/watch settings, avoid indexing secrets, and know how to remove vector_memory/chroma_db, memory_graph.json, and the memorySearch config if you uninstall.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
scripts/unified_setup.sh
config['agents']['defaults']['memorySearch'] = memory_config ... with open(config_path, 'w') as f: json.dump(config, f, indent=2)

The one-command setup automatically changes OpenClaw agent defaults rather than only installing local memory files; the unified setup path writes the config directly.

User impactRunning setup can change future OpenClaw agent behavior by enabling broader automatic memory search and indexed paths.
RecommendationBack up and review the OpenClaw configuration before running setup; consider applying memorySearch manually with narrower paths and sync settings.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
scripts/unified_setup.sh
"$MEMORY_DIR/venv/bin/pip" install -q \
    sentence-transformers==3.3.1 \
    chromadb==0.6.3 \
    networkx==3.4.2

Setup installs external Python packages into a virtual environment. The versions are pinned and the dependencies match the memory/search purpose, but users should still notice the package install.

User impactInstallation depends on external packages and may download ML/vector database components into the workspace environment.
RecommendationInstall in a controlled environment, verify package provenance if required, and keep the generated virtual environment scoped to the workspace.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusConcern
scripts/configure_openclaw.py
possible_paths = [os.path.expanduser("~/.openclaw/openclaw.json"), os.path.expanduser("~/.openclaw/config.json"), "./openclaw.json"] ... subprocess.run(['openclaw', 'gateway', 'restart']

The included configuration script targets user/global OpenClaw configuration files and can restart the OpenClaw gateway, requiring authority over the agent runtime configuration.

User impactThe skill may alter OpenClaw defaults beyond the current workspace and affect how agents behave after installation.
RecommendationRun configuration with dry-run/manual review where possible, keep a backup, and confirm whether changes should apply globally or only to the current workspace.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusConcern
scripts/configure_openclaw.py
"sources": ["memory", "sessions"], "extraPaths": ["SOUL.md", "AGENTS.md", "HEARTBEAT.md", "PROJECTS.md", "TOOLS.md", "IDENTITY.md", "USER.md", "reference/", "ARCHITECTURE.md"], ... "watch": True

The memorySearch configuration includes sessions plus user, identity, directive, and reference files, and enables ongoing sync/watch behavior.

User impactPersonal or internal workspace information may be indexed and reused in future agent context; incorrect or malicious content in those files could influence later answers or actions.
RecommendationDo not store secrets in indexed files, narrow extraPaths, disable sessionMemory/watch if not needed, and define a cleanup/retention process for vector_memory and OpenClaw memory indexes.