Agent Memory Store

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: agent-memory-store
Version: 1.2.0

The OpenClaw skill 'agent-memory-store' provides a local HTTP API for semantic memory storage, using SQLite for persistence and optionally OpenAI for embeddings. The code uses parameterized SQL queries, handles API keys securely via environment variables, and makes a legitimate external call to `api.openai.com` for its core functionality. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent in `SKILL.md` or the Python code. The `homepage` URL in `SKILL.md` is metadata and not interacted with by the skill's logic.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Other local or network-reachable clients may be able to read, write, or delete persistent agent memories, depending on how the environment exposes port 8768.

Why it was flagged

The service listens on all interfaces and the memory list/read/delete handlers do not show authentication or caller identity checks; when no agent parameter is supplied, no owner filter is applied.

Skill content

HTTPServer(("0.0.0.0", PORT), Handler).serve_forever()
agent = qs.get("agent",[None])[0]
if agent: sql += " AND (owner=? OR public=1)"
get_db().execute("DELETE FROM memories WHERE id=?",(mid,))

Recommendation

Bind to localhost by default, add authentication and owner authorization, require explicit agent scoping, and document any intended network exposure.

What this means

A mistaken or malicious client could plant false persistent memories that influence future agent behavior across restarts.

Why it was flagged

Any caller can choose the owner, content, public flag, and omit TTL, creating persistent memories that can later be retrieved by that owner or by all agents if marked public.

Skill content

DB_FILE = "/root/.openclaw/workspace/data/agent_memory.db"
...
(mid, body["owner"], body["content"], json.dumps(body.get("tags",[])), 1 if body.get("public") else 0, time.time(), time.time()+ttl if ttl else None, emb)

Recommendation

Authenticate writers, bind the owner field to the caller identity, keep provenance, moderate public memories, and default to short TTLs or per-agent isolation.

What this means

If OPENAI_API_KEY is present, stored memories and queries may be transmitted to OpenAI and billed to that account without a clear user-facing opt-in.

Why it was flagged

The code automatically uses an ambient OpenAI API key and sends stored memory text or search queries for embeddings, while the registry metadata declares no required env vars or primary credential.

Skill content

OPENAI_KEY = os.getenv("OPENAI_API_KEY", "")
req = urllib.request.Request("https://api.openai.com/v1/embeddings", data=payload, headers={"Authorization": f"Bearer {OPENAI_KEY}", "Content-Type": "application/json"})
emb = embed_openai(body["content"])

Recommendation

Declare the optional credential, make external embeddings an explicit opt-in setting, document exactly what text is sent, and provide a simple way to force local-only Jaccard search.