v1.2.3

Elite Longterm Memory

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:09 AM.

Analysis

The skill is a coherent memory tool, but it asks agents to silently persist and automatically reuse long-term context, with optional cloud memory, so it deserves careful review before installation.

Guidance

Before installing, decide what the agent is allowed to remember, review memory files regularly, avoid saving secrets or confidential data, and do not enable Mem0/SuperMemory cloud integrations unless you are comfortable sending that content to those providers. Use limited API keys and only run the documented rm -rf reset command if you intentionally want to delete the local vector memory index.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
# Store a decision (SILENT - never announce)

The artifact explicitly instructs the agent to make persistent memory entries silently, which can hide durable state changes from the user during normal operation.

User impact: The user may not realize that decisions or preferences are being saved for future sessions.
Recommendation: Change the workflow to surface memory updates, provide summaries, or ask for confirmation before persisting important or sensitive items.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
rm -rf ~/.openclaw/memory/lancedb/

The documentation includes a destructive shell command that deletes the local LanceDB memory index. There is no evidence the included JS runs it automatically.

User impact: Running the command would delete local vector memory data.
Recommendation: Back up important memory data and run destructive reset commands only after explicit user approval.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
package.json
"optionalDependencies": { "mem0ai": "^1.0.0" }

The package can resolve an external optional dependency using a semver range. This supports the stated Mem0 feature, but it is not pinned to an exact version.

User impact: A future compatible dependency version could be installed when using the npm package path.
Recommendation: Prefer lockfiles or pinned dependency versions in controlled environments.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
metadata
Required env vars: OPENAI_API_KEY ... Env var declarations: none ... Primary credential: none

The skill needs an OpenAI API key for its memory/vector functionality, while credential metadata is not fully declared. The artifacts do not show credential leakage or unrelated use.

User impact: Installing or using the skill may cause provider API usage and charges under the user's account.
Recommendation: Use a restricted API key where possible, monitor usage, and only configure optional provider keys when needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Semantic search across all memories. Auto-recall injects relevant context.

The skill makes stored memories automatically influence future agent context, but the provided artifacts do not define clear retention, exclusion, trust, or review boundaries for those memories.

User impact: Sensitive, stale, or incorrect memories could be carried into later tasks and shape the agent's behavior without the user noticing each reuse.
Recommendation: Set explicit rules for what may be stored, review memory files regularly, avoid storing secrets or private data, and require confirmation before saving sensitive facts.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
README.md
await client.add(messages, { user_id: "user123" });

The recommended Mem0 integration sends conversation messages to an external memory provider. This is disclosed and purpose-aligned, but it can involve private conversation content.

User impact: If enabled, conversation content or extracted facts may leave the local workspace for a third-party memory service.
Recommendation: Use cloud memory only for data you are comfortable sharing with that provider, review its retention/privacy terms, and avoid sending secrets or confidential material.