Dory-Proof Memory System
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive wording from tasks could remain in local memory files and influence future sessions.
The skill intentionally stores exact user instructions and later reloads memory files into future sessions, which is purpose-aligned but can retain sensitive text or stale instructions.
When the user gives a task: 1. **IMMEDIATELY** write their EXACT WORDS to `state/ACTIVE.md` ... Boot Sequence (Every Session) ... Read `MEMORY.md`
Use this only for workspaces where persistent memory is desired, avoid putting secrets in tasks, and periodically review or clear ACTIVE.md, MEMORY.md, USER.md, and recent-work files.
A future agent session may follow outdated state or hold entries unless the files are kept accurate.
The design makes mutable state files authoritative for resolving conflicts, so incorrect or stale state entries could block or redirect future work.
When files conflict, priority (highest first): 1. **state/HOLD.md** — blocks override all 2. **state/ACTIVE.md** — current instruction ... 4. **AGENTS.md** — general rules
Review HOLD.md, ACTIVE.md, and DECISIONS.md at session start, clear completed or stale entries, and do not copy untrusted text into memory files as instructions.