memory-attention-router
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: memory-attention-router Version: 1.1.0 The memory-attention-router skill is a legitimate utility designed to provide long-term memory management for OpenClaw agents using a local SQLite database. The Python implementation in `scripts/memory_router.py` follows security best practices by using parameterized SQL queries to prevent injection and contains no network-reaching code, obfuscation, or unauthorized file system access. The instructions in `SKILL.md` and the LLM prompt templates in `scripts/prompts/` are strictly functional, focusing on summarizing task outcomes and retrieving relevant context without any evidence of malicious prompt injection or data exfiltration logic.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Incorrect, stale, or sensitive stored memories could be reused in future tasks and shape the agent's decisions or responses.
The skill persistently stores reusable memories and routed packets, which can contain task details, preferences, tool outcomes, or summaries that later influence agent behavior.
CREATE TABLE IF NOT EXISTS memories (... summary TEXT NOT NULL, details_json TEXT NOT NULL ...); CREATE TABLE IF NOT EXISTS working_memory_packets (... goal TEXT NOT NULL, packet_json TEXT NOT NULL ...)
Use a database path you control, avoid storing secrets, and use the list, inspect, and refresh flows to review or retire stale memory.
Installing the skill means allowing a local helper script to create and update the memory database during use.
The skill instructs the agent to run a local Python helper for routing, adding, reflecting, refreshing, listing, and inspecting memory. This is disclosed and central to the skill's purpose.
`python3 {baseDir}/scripts/memory_router.py route --input-json '<JSON>'`Review the included helper before use and ensure the database path is appropriate for your workspace.
Users have less provenance context for the helper code and may not realize a Python runtime is needed.
The registry metadata lacks source/homepage provenance and does not declare python3 even though the skill documentation invokes the included Python script.
Source: unknown; Homepage: none; Required binaries: none; Code file presence: scripts/memory_router.py
Treat the local script as part of the trusted computing base and verify its source before enabling the skill.