Shared Memory for Multi-Agent OpenClaw
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: multi-agent-shared-memory Version: 1.1.0 The skill implements a shared memory system for multiple OpenClaw agents by creating a centralized directory and using symbolic links to sync data across workspaces. It automates the setup of a 'shared-knowledge' folder and modifies agent configuration files (AGENTS.md) to establish a synchronization protocol. While it utilizes shell commands for symlinking (ln -s / New-Item) and modifies agent instructions, these actions are transparently aligned with the stated goal of multi-agent coordination and lack any indicators of malicious intent or data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistake or unwanted edit could change how multiple OpenClaw agents behave in future sessions.
The skill directs the agent to perform persistent filesystem and agent-configuration changes across multiple workspaces without an explicit confirmation, backup, or rollback step.
“Do everything automatically” ... “Append the shared memory protocol block to each agent's `AGENTS.md`.”
Require the agent to show exact target paths and diffs, make backups of AGENTS.md, ask for confirmation before each persistent edit, and provide an uninstall/rollback procedure.
Incorrect, sensitive, or misleading summaries could be reused by other agents and affect future answers or actions.
The skill creates persistent memory that is automatically reused across agents and sessions, but does not define retention, review, trust boundaries, or safeguards against stale or poisoned memory.
“Session start | Read `SHARED-MEMORY.md` + all other agents' sync files” and “Session end | Update own sync file with conversation highlights.”
Treat shared memory as untrusted context, let the user review or approve sensitive entries, exclude secrets and private content, add retention/cleanup controls, and record which agent wrote each entry.
One wrong or malicious memory entry could influence several agents instead of staying isolated to one workspace.
The design scales by making every agent read other agents' shared summaries, so a bad entry can propagate across multiple workspaces and future sessions without containment controls.
“For each additional agent ... Update existing agents' AGENTS.md to also read the new agent's sync file.”
Add containment rules: source labels, timestamps, conflict handling, user review for important shared facts, and a way to disable or isolate a problematic agent's sync file.