Goldhold Skill

Pass

Audited by ClawScan on May 10, 2026.

Overview

GoldHold is a coherent third-party persistent-memory skill, but using it means sending selected session context to GoldHold for storage and reuse.

This skill appears purpose-aligned for GoldHold persistent memory. Install it only if you are comfortable sending selected conversation context to GoldHold, use secure secret storage for GOLDHOLD_API_KEY, avoid saving secrets or private data unnecessarily, and periodically review what the agent has remembered.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the agent could store or send summaries, decisions, or other context that the user did not intend to share with GoldHold.

Why it was flagged

The skill exposes documented external API operations, including a send action. This is disclosed and aligned with the GoldHold memory/messaging workflow, but it can transmit user-derived content to the provider.

Skill content

POST /v1/turn -- Search + Store + Send (Main Tool) ... can search, store, and send messages in one request.

Recommendation

Confirm before sending messages or saving sensitive material, and keep API use limited to the documented GoldHold endpoint.

What this means

Anyone with the API key may be able to access or modify the associated GoldHold memory account, depending on the provider's controls.

Why it was flagged

The skill requires a GoldHold API key, which is expected for a hosted memory service and is disclosed in both the registry metadata and SKILL.md.

Skill content

Required env vars: GOLDHOLD_API_KEY; Primary credential: GOLDHOLD_API_KEY

Recommendation

Store the API key only in a secret manager, avoid committing it to files or shell profiles, and rotate it if it may have been exposed.

What this means

Incorrect, sensitive, or maliciously inserted memories could be reused later and shape the agent's answers or behavior across sessions.

Why it was flagged

The skill intentionally stores and retrieves persistent memories, including directives and identity/configuration information, which can influence later sessions.

Skill content

GoldHold is a persistent memory API... Store decisions, facts, and corrections... DIRECTIVE | Standing instructions or rules

Recommendation

Do not store secrets or highly sensitive data unless necessary, review saved memories, delete or tombstone outdated entries, and treat retrieved memories as context that must not override current user or system instructions.