Enhanced Memory
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears purpose-aligned for local enhanced memory search, but it persistently indexes private memory files and sends text to a configured Ollama embedding endpoint.
This skill is coherent for enhancing memory search and does not show exfiltration, deception, or destructive behavior. Before installing, be comfortable with it reading your memory directory and core markdown files, storing their text in local index files, and sending text to your configured Ollama embedding endpoint.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private memories or core instruction files may be duplicated into a persistent search index and later retrieved into the agent context.
The indexer collects all markdown files under the memory directory plus core workspace files and stores chunk text and embeddings in a persistent vectors.json file.
CORE_FILES = ['MEMORY.md', 'AGENTS.md', 'USER.md', 'SOUL.md', 'research.md'] ... if f.endswith('.md'): files.append(os.path.join(root, f)) ... json.dump(all_chunks, f, indent=None)Use it only in the intended workspace, review what is in memory and core markdown files before indexing, and delete or regenerate vectors.json/crossrefs.json when needed.
If OLLAMA_URL is pointed at a remote or untrusted service, memory contents and search queries could be shared with that service.
Embedding requests containing memory text are sent to the configured Ollama HTTP endpoint; the default is local, but the endpoint can be overridden.
OLLAMA_URL = os.environ.get('OLLAMA_URL', 'http://localhost:11434/api/embed') ... urllib.request.urlopen(req, timeout=60)Keep the default local Ollama endpoint unless you intentionally trust another endpoint to receive memory content.
Users have less provenance information to decide whether to trust the included scripts.
The artifacts do not provide an upstream source or install provenance, making independent verification of the package origin harder.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the included scripts before use, install Ollama from its official source, and verify any documented helper script before wiring it into an agent.