Memory Setup
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Personal notes, project history, preferences, and past conversations may be recalled in later interactions; stale or incorrect memory could also influence future answers.
The skill explicitly enables persistent, real-time memory search over curated memory files and past session transcripts, and suggests adding instructions for future agents to use that memory.
"sources": ["memory", "sessions"], "indexMode": "hot" ... "sessions — Past conversation transcripts" ... "Before answering ... Run memory_search with relevant query"
Review what is stored in MEMORY.md, memory folders, and indexed sessions; avoid secrets or highly sensitive data; periodically prune or correct memory; and consider limiting sources if broad recall is not desired.
Using Voyage or OpenAI may require provider credentials tied to the user’s account and billing; mishandling those keys could expose provider access.
The skill discloses optional API keys for external embedding providers. This is expected for the stated memory-search purpose, and no artifact shows hardcoded keys, logging, or unrelated credential use.
Provider errors? - Voyage: Set `VOYAGE_API_KEY` in environment - OpenAI: Set `OPENAI_API_KEY` in environment - Use `local` provider if no API keys available
Use environment variables rather than committing keys to files, restrict or rotate keys where possible, and choose the local provider if external provider credentials are not desired.