Dory-Proof Memory System
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: dory-memory Version: 1.0.0 The skill implements a file-based memory system for AI agents, which inherently requires file system access and direct instructions to the agent. While the `cp -r` command in `SKILL.md` and `mkdir -p` in `references/IMPLEMENTATION-GUIDE.md` are high-risk capabilities, they are used for local setup of the workspace and are clearly aligned with the stated purpose. The strong instructions to the agent in `SKILL.md` and `references/IMPLEMENTATION-GUIDE.md` (e.g., 'IMMEDIATELY write their EXACT WORDS') are a form of prompt injection, but their objective is to ensure fidelity of user input and implement the memory system, not to subvert the agent. Furthermore, `assets/templates/LESSONS.md` and `references/ANTI-PATTERNS.md` contain explicit safety rules (e.g., 'Ask before external actions', 'trash > rm', 'Never use isolated agentTurn for social media posting') that actively promote secure and responsible agent behavior. There is no evidence of intentional harmful behavior, data exfiltration, or malicious execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive wording from tasks could remain in local memory files and influence future sessions.
The skill intentionally stores exact user instructions and later reloads memory files into future sessions, which is purpose-aligned but can retain sensitive text or stale instructions.
When the user gives a task: 1. **IMMEDIATELY** write their EXACT WORDS to `state/ACTIVE.md` ... Boot Sequence (Every Session) ... Read `MEMORY.md`
Use this only for workspaces where persistent memory is desired, avoid putting secrets in tasks, and periodically review or clear ACTIVE.md, MEMORY.md, USER.md, and recent-work files.
A future agent session may follow outdated state or hold entries unless the files are kept accurate.
The design makes mutable state files authoritative for resolving conflicts, so incorrect or stale state entries could block or redirect future work.
When files conflict, priority (highest first): 1. **state/HOLD.md** — blocks override all 2. **state/ACTIVE.md** — current instruction ... 4. **AGENTS.md** — general rules
Review HOLD.md, ACTIVE.md, and DECISIONS.md at session start, clear completed or stale entries, and do not copy untrusted text into memory files as instructions.