Memory Setup
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: memory-setup Version: 1.0.0 The skill bundle is designed to configure persistent memory for an AI agent. The `_meta.json` file contains standard metadata. The `SKILL.md` provides instructions for users to modify configuration files (`~/.clawdbot/clawdbot.json`), create specific file structures (`MEMORY.md`, `memory/logs/`), and add instructions to the agent's `AGENTS.md` file. The agent instructions are limited to using built-in memory search and retrieval tools (`memory_search`, `memory_get`) and do not contain any directives for malicious prompt injection, data exfiltration, unauthorized execution, or persistence. The `clawdbot gateway restart` command is a legitimate administrative action for troubleshooting. All content aligns with the stated purpose and lacks high-risk behaviors.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Personal notes, project history, preferences, and past conversations may be recalled in later interactions; stale or incorrect memory could also influence future answers.
The skill explicitly enables persistent, real-time memory search over curated memory files and past session transcripts, and suggests adding instructions for future agents to use that memory.
"sources": ["memory", "sessions"], "indexMode": "hot" ... "sessions — Past conversation transcripts" ... "Before answering ... Run memory_search with relevant query"
Review what is stored in MEMORY.md, memory folders, and indexed sessions; avoid secrets or highly sensitive data; periodically prune or correct memory; and consider limiting sources if broad recall is not desired.
Using Voyage or OpenAI may require provider credentials tied to the user’s account and billing; mishandling those keys could expose provider access.
The skill discloses optional API keys for external embedding providers. This is expected for the stated memory-search purpose, and no artifact shows hardcoded keys, logging, or unrelated credential use.
Provider errors? - Voyage: Set `VOYAGE_API_KEY` in environment - OpenAI: Set `OPENAI_API_KEY` in environment - Use `local` provider if no API keys available
Use environment variables rather than committing keys to files, restrict or rotate keys where possible, and choose the local provider if external provider credentials are not desired.