Memory Graph
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: memory-graph Version: 1.0.0 The skill bundle contains only metadata and documentation for a memory visualization tool. There is no executable code or suspicious instructions present in SKILL.md or _meta.json, and the described functionality (rendering and exporting knowledge graphs) is consistent with its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private memories or inferred relationships between users could be exposed or reused in ways the user did not expect.
The skill advertises discovering connections across users' memory data, but the artifacts do not describe consent, access limits, isolation between users, retention, or export safeguards.
- Cross-user connection discovery
Require explicit opt-in for any cross-user discovery, document the data source and access rules, and provide clear controls for export, retention, and exclusion of sensitive memories.
The skill may not work as provided, or an agent may run a locally available command whose origin was not reviewed with this skill.
The usage relies on a `memory-graph` CLI, while the provided artifact set says there is no install spec, no code, and no required binary declaration; this is a provenance and setup gap rather than proof of unsafe behavior.
memory-graph render <graph-id> # Generate graph visualization
Verify the `memory-graph` executable separately before use, or update the skill metadata to declare the required binary and its trusted installation source.