Agent Memory Temp
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The memory functionality is mostly coherent, but the package identity and install instructions point to a different slug/owner than the skill being reviewed.
Before installing, confirm whether this is meant to be agent-memory-temp or agent-memory and verify the owner/source. If you use it, treat the memory database as potentially sensitive: avoid saving secrets, define what the agent may remember, and review or clean stored facts periodically.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user following the instructions could install or trust a package identity different from the one under review.
The included package metadata declares a different owner and slug than the registry metadata for the evaluated skill, which lists slug agent-memory-temp and a different owner ID. SKILL.md also tells users to install agent-memory, creating uncertainty about which package is actually being installed or reviewed.
"ownerId": "kn79xt54feg7bq89ehsvcp01zn809mp1", "slug": "agent-memory"
Verify the intended ClawHub slug, owner, and source repository before installing. The publisher should align registry metadata, _meta.json, and installation instructions.
Incorrect, sensitive, or outdated memories could be stored and later influence the agent's responses.
The skill explicitly stores conversation-derived facts in a persistent local database and reuses them across sessions.
On session end: 1. Extract durable facts from conversation ... Default: `~/.agent-memory/memory.db`
Use this only for information you want retained, avoid storing secrets, and periodically review or delete stale memories.