letheClaw

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent as a memory integration, but it gives the agent broad persistent-memory authority and tells it to trust and write memories with limited explicit user control.

Install only if you control and trust the letheClaw API endpoint. Set LETHECLAW_API_URL explicitly, decide what the agent is allowed to remember, and consider requiring confirmation before it stores observations or relies on recalled memories.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern
High Confidence
ASI01: Agent Goal Hijack
What this means

The agent may rely on stored memories even when they are stale, wrong, poisoned, or when the user expected a fresh answer without memory lookup.

Why it was flagged

The skill instructs the agent to always use this memory API first and treat it as authoritative, which can override normal source-checking or a user's preference not to use the memory store.

Skill content

## ⚠️ PROTOCOL (NON-NEGOTIABLE) ... ALWAYS query letheClaw API FIRST ... letheClaw is the authoritative memory system ... No exceptions. This is operator-mandated protocol.

Recommendation

Allow users to opt out of memory lookup, treat recalled memory as untrusted context to verify, and avoid mandatory 'no exceptions' tool-use language.

What this means

Sensitive or inaccurate information could be saved and later influence the agent's answers across sessions.

Why it was flagged

The skill can store persistent memories based on agent observations, then reuse full returned memory content directly in later tasks. The artifacts do not define consent, retention, deletion, sensitivity filters, or validation controls.

Skill content

When the user says "log this", "remember that", or you observe something worth recording: ... POST to letheClaw API ... Search results include full content ... Use the returned content directly.

Recommendation

Use only with a trusted letheClaw API, require confirmation before storing agent-observed information, define retention/deletion controls, and verify important recalled memories.

What this means

The agent can change what the memory system stores and how important memories appear to be.

Why it was flagged

The network and mutation endpoints are purpose-aligned for a memory-management skill, but they let the agent create and modify persistent memory records.

Skill content

tools: [network] ... POST `{LETHECLAW_API_URL}/memory` ... POST `{LETHECLAW_API_URL}/memory/{memory_id}/criticality` ... POST `{LETHECLAW_API_URL}/memory/{memory_id}/correction`

Recommendation

Set LETHECLAW_API_URL to an endpoint you control and monitor memory writes or require confirmation for changes.

What this means

Users have less external context for verifying who maintains the skill or the intended letheClaw API behavior.

Why it was flagged

The skill is instruction-only, but the registry metadata does not provide a source repository or homepage for provenance review.

Skill content

Source: unknown; Homepage: none

Recommendation

Prefer installing from a publisher or repository you trust, and review the letheClaw API deployment you connect to.