Soul Memory
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: soul-memory
Version: 3.5.13
The Soul Memory System is a sophisticated long-term memory framework that uses a 'Heartbeat' mechanism to periodically scan session logs and inject context into AI prompts. While the functionality aligns with its stated purpose, the TypeScript plugin (plugin/index.ts) contains a potential shell injection vulnerability: it executes a Python CLI command using a query string that is only minimally escaped via a regex replace. Furthermore, the FastAPI web interface (web/app.py) lacks authentication, potentially exposing sensitive conversation history if the service is reachable over a network. The cron jobs and the instructions in HEARTBEAT.md to execute local scripts are intended features for automated memory maintenance, but they represent a significant privilege level for a skill bundle.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or outdated conversation details could be stored and later reused automatically in responses.
The skill automatically saves memory and injects retrieved memories into future prompts, which can carry sensitive or incorrect context across sessions.
Auto-Trigger | Pre-response search + Post-response auto-save ... `before_prompt_build` Hook for automatic context injection ... Inject into prompt via `prependContext`
Install only if you want persistent long-term memory; configure clear retention, deletion, and exclusion rules, and avoid saving secrets or sensitive personal data.
Users cannot tell what credential-like data may be accessed or required.
The declared credential contract says no credentials are needed, but the capability signal indicates sensitive credential access, without explaining which credentials or scope.
Required env vars: none ... Primary credential: none ... Capability signals: requires-sensitive-credentials
The publisher should document any credential, token, cookie, profile, or session access explicitly, including scope and storage behavior.
The memory system may keep running checks or updates in the background after installation.
The skill documents recurring automatic heartbeat execution, which is expected for this memory system but persists beyond a single explicit invocation.
Automatically run the following command on every Heartbeat: `python3 /root/.openclaw/workspace/soul-memory/heartbeat-trigger.py` ... Heartbeat check | roughly every 30 minutes
Review and disable heartbeat or cron jobs if you do not want automatic memory maintenance.
Running the installer can modify the local OpenClaw environment and enable plugin behavior.
Installation relies on a user-run shell script from a GitHub repository and installs an OpenClaw extension; this is disclosed and purpose-aligned, but it is outside the registry install spec.
git clone https://github.com/kingofqin2026/Soul-Memory-.git ... bash install.sh ... Plugin is automatically installed to ~/.openclaw/extensions/soul-memory
Inspect `install.sh`, the plugin manifest, and any cron changes before running the installer.
