Memory Setup
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is purpose-aligned for setting up persistent memory, but users should understand it can index memory files and past sessions for future recall.
This skill appears coherent and benign for its stated purpose. Before installing or following it, decide whether you want past sessions and memory files indexed for future recall, avoid storing passwords or secrets in memory, and use the local provider if you do not want to configure external embedding-provider API keys.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Personal notes, project history, preferences, and past conversations may be recalled in later interactions; stale or incorrect memory could also influence future answers.
The skill explicitly enables persistent, real-time memory search over curated memory files and past session transcripts, and suggests adding instructions for future agents to use that memory.
"sources": ["memory", "sessions"], "indexMode": "hot" ... "sessions — Past conversation transcripts" ... "Before answering ... Run memory_search with relevant query"
Review what is stored in MEMORY.md, memory folders, and indexed sessions; avoid secrets or highly sensitive data; periodically prune or correct memory; and consider limiting sources if broad recall is not desired.
Using Voyage or OpenAI may require provider credentials tied to the user’s account and billing; mishandling those keys could expose provider access.
The skill discloses optional API keys for external embedding providers. This is expected for the stated memory-search purpose, and no artifact shows hardcoded keys, logging, or unrelated credential use.
Provider errors? - Voyage: Set `VOYAGE_API_KEY` in environment - OpenAI: Set `OPENAI_API_KEY` in environment - Use `local` provider if no API keys available
Use environment variables rather than committing keys to files, restrict or rotate keys where possible, and choose the local provider if external provider credentials are not desired.