Memory Palace

Security checks across malware telemetry and agentic risk

Overview

The memory features are coherent, but the LLM subagent code is flagged for undeclared config/credential access and a hardcoded API key, so this skill should be reviewed before installation.

Install only if you want an agent to keep persistent memories about you and your projects. Review the LLM/subagent implementation before enabling LLM-enhanced features, because the artifacts show undeclared config access and a hardcoded API-key signal. If you proceed, avoid storing secrets, periodically audit stored memories, and consider disabling optional vector/LLM features unless you trust their dependencies and data flow.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

The skill may call an LLM/subagent service using an embedded credential, making it unclear whose account or authority is being used and where memory content may be sent.

Why it was flagged

The supplied static scan reports this as a hardcoded API secret/token in the LLM subagent client. Hardcoded provider credentials are not disclosed by the skill metadata and are not necessary for local memory storage.

Skill content
const apiKey = [REDACTED];
Recommendation

Review or remove the hardcoded credential path before use; require explicit user-provided credentials, declare them in metadata, and document exactly which LLM service receives memory data.

ASI03: Identity and Privilege Abuse
Medium
What this means

LLM-enhanced features may read local OpenClaw configuration or credentials in a way users were not told to expect.

Why it was flagged

The static scan flags OpenClaw config-path access in code associated with network sending, while the registry metadata says no required env vars or primary credential are used.

Skill content
process.env.OPENCLAW_CONFIG_PATH
Recommendation

Declare any config or credential use, scope it to the specific LLM operation, and require user approval before using local agent configuration for networked calls.

ASI06: Memory and Context Poisoning
Medium
What this means

Personal details, preferences, and project context may persist across conversations and influence future agent behavior.

Why it was flagged

The skill is explicitly designed to persist user and project information and retrieve it later, which is central to its purpose but sensitive by nature.

Skill content
Remember user preferences, conversation context, project state, and lessons learned, and proactively retrieve them when needed
Recommendation

Avoid storing secrets or highly sensitive information; periodically list, verify, update, or delete memories that are no longer accurate or desired.

ASI05: Unexpected Code Execution
Low
What this means

Installing the package executes local code before the user invokes the skill.

Why it was flagged

The package runs a Node script automatically after npm installation. The related static finding shows it checks the Python version, which is aligned with optional vector search, but it is still install-time code execution.

Skill content
"postinstall": "node scripts/check-vector-deps.cjs"
Recommendation

Install only from a trusted source and review postinstall behavior if your environment restricts install-time scripts.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

First use of semantic search may download and run third-party Python/model components.

Why it was flagged

The optional semantic-search feature depends on Python packages and a model downloaded on first use. This is disclosed and purpose-aligned, but it introduces external supply-chain artifacts.

Skill content
pip install sentence-transformers ... On first search, the model is automatically downloaded to ~/.openclaw/models/embedding/ ... BAAI/bge-small-zh-v1.5
Recommendation

Use trusted package indexes, pin or verify model/package sources where possible, and disable semantic search if you do not want external model downloads.

ASI05: Unexpected Code Execution
Low
What this means

Semantic search may start a Python process on the local machine.

Why it was flagged

The vector-search implementation starts a Python service. This matches the documented local semantic-search enhancement, but users should know it can create a local subprocess/service.

Skill content
spawn('python3', [this.scriptPath, '--host', this.host, '--port', String(this.port)]
Recommendation

Keep the service bound to a safe local interface, review the host/port settings, and use the text-search fallback if you do not want a Python subprocess.