Shared Memory for Multi-Agent OpenClaw
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistake or unwanted edit could change how multiple OpenClaw agents behave in future sessions.
The skill directs the agent to perform persistent filesystem and agent-configuration changes across multiple workspaces without an explicit confirmation, backup, or rollback step.
“Do everything automatically” ... “Append the shared memory protocol block to each agent's `AGENTS.md`.”
Require the agent to show exact target paths and diffs, make backups of AGENTS.md, ask for confirmation before each persistent edit, and provide an uninstall/rollback procedure.

Incorrect, sensitive, or misleading summaries could be reused by other agents and affect future answers or actions.
The skill creates persistent memory that is automatically reused across agents and sessions, but does not define retention, review, trust boundaries, or safeguards against stale or poisoned memory.
“Session start | Read `SHARED-MEMORY.md` + all other agents' sync files” and “Session end | Update own sync file with conversation highlights.”
Treat shared memory as untrusted context, let the user review or approve sensitive entries, exclude secrets and private content, add retention/cleanup controls, and record which agent wrote each entry.

One wrong or malicious memory entry could influence several agents instead of staying isolated to one workspace.
The design scales by making every agent read other agents' shared summaries, so a bad entry can propagate across multiple workspaces and future sessions without containment controls.
“For each additional agent ... Update existing agents' AGENTS.md to also read the new agent's sync file.”
Add containment rules: source labels, timestamps, conflict handling, user review for important shared facts, and a way to disable or isolate a problematic agent's sync file.
