Local Memory
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Package or model changes upstream could affect what code or files are installed in the user's Python environment.
The setup script installs unpinned Python dependencies and downloads a model. This is consistent with the skill's purpose, but dependency and model provenance matter.
[py, "-m", "pip", "install", "chromadb", "sentence-transformers", "certifi"] ... SentenceTransformer("BAAI/bge-small-zh-v1.5")Install in an isolated Python environment, review dependencies, and prefer pinned package/model versions if possible.
Information saved through this skill may be recalled in later sessions and could influence future agent responses.
The skill persistently stores user-provided memory text in a local ChromaDB database under the skill directory.
DB_PATH = os.path.join(SCRIPT_DIR, '..', 'data') ... collection.add(... documents=[args.text] ...)
Only store information you intentionally want retained, avoid secrets, and use the forget command to remove memories when needed.