Memory Graph

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a memory-graph visualization skill, but it does not explain how cross-user memory data is protected or where its required CLI command comes from.

Before installing, confirm what `memory-graph` command will run, where the memory data comes from, and whether cross-user discovery can be disabled or limited to explicitly authorized users and graph IDs.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern, Medium Confidence
ASI06: Memory and Context Poisoning
What this means

Private memories or inferred relationships between users could be exposed or reused in ways the user did not expect.

Why it was flagged

The skill advertises discovering connections across users' memory data, but the artifacts do not describe consent, access limits, isolation between users, retention, or export safeguards.

Skill content

- Cross-user connection discovery

Recommendation

Require explicit opt-in for any cross-user discovery, document the data source and access rules, and provide clear controls for export, retention, and exclusion of sensitive memories.

What this means

The skill may not work as provided, or an agent may run a locally available command whose origin was not reviewed with this skill.

Why it was flagged

The usage relies on a `memory-graph` CLI, while the provided artifact set says there is no install spec, no code, and no required binary declaration; this is a provenance and setup gap rather than proof of unsafe behavior.

Skill content

memory-graph render <graph-id>     # Generate graph visualization

Recommendation

Verify the `memory-graph` executable separately before use, or update the skill metadata to declare the required binary and its trusted installation source.