Ling Mem
ReviewAudited by ClawScan on May 12, 2026.
Overview
Ling Mem is a coherent memory skill, but it intentionally stores durable user facts, can scan past agent sessions, and runs a local daemon/hook that may reuse memories in future prompts.
Install Ling Mem only if you want durable cross-session memory. Be careful with “Scan all” if old sessions may contain secrets, review and delete saved memories periodically, keep the local daemon private, and do not bypass checksum verification during installation.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Personal facts saved in memory may appear automatically in later conversations and may be included in prompts sent to your LLM provider.
The skill intentionally reuses stored memories across future prompts, which is core to its purpose but means stale, incorrect, or sensitive memories can influence later sessions and be sent to the configured model provider.
“Auto-recall on every prompt… injects the top matches as context” and “Retrieved facts do enter your agent's prompt context on each turn, so they reach whichever LLM you've configured.”
Use the delete/forget features to curate memories, avoid saving secrets, and install only if you want automatic cross-session recall.
Past agent sessions can contain personal details, code, decisions, and possibly secrets; the skill can read them during memory scans.
The skill requests write access to its memory directory and read access to Claude project/session history, which is sensitive local data but is aligned with the memory-extraction purpose and disclosed.
“paths: … ~/.linggen, mode: write … ~/.claude/projects, mode: read” and “session files scanned for fact extraction; never written to.”
Review what session directories contain before using broad scans, and prefer narrower scan ranges when unsure.
The agent can add, update, and delete memory entries and can use local commands as part of the memory workflow.
The skill grants broad file, shell, subagent, and memory-write capabilities. The artifacts describe memory-specific use, but these tools are powerful and can alter durable state.
“allowed-tools: … Memory_query, Memory_write, Read, Write, Edit, Bash, Glob, Grep, Task”
Watch permission prompts and review memory changes after scans or cleanup operations.
You are trusting the publisher’s GitHub releases for the local daemon binary.
Installation depends on downloading a release binary and, in bootstrap mode, a skill tree from GitHub. The script uses pinned versions and checksum verification, which mitigates but does not remove supply-chain reliance.
“Downloads the prebuilt `ling-mem` daemon binary … pinned to a specific version … Verifies the SHA-256 against the release's sibling .sha256 file.”
Install from trusted releases, avoid setting LING_MEM_SKIP_CHECKSUM=1, and verify the project source if your memory may contain sensitive data.
After setup, future sessions may receive memory context automatically, even when you did not explicitly ask for a memory search.
The skill documents persistent, automatic behavior that runs on future prompts. It is disclosed and purpose-aligned, but it changes future agent context without a manual memory lookup each time.
“A `UserPromptSubmit` hook runs a semantic search over your stored facts and injects the top matches as context — no manual tool call required.”
Confirm you want the per-prompt recall hook enabled, and disable or remove the hook if you only want manual memory lookup.
Your memory database can be viewed or edited through a local web interface while the daemon is running.
The memory store is exposed through a local HTTP daemon for dashboard and CRUD operations. It is localhost-only in the artifacts, but users should recognize that local processes/browser interactions may access the memory UI.
“the daemon already ships a data browser at `http://127.0.0.1:9888` with full filter / search / edit / delete.”
Keep the daemon local, do not expose port 9888 to a network, and stop the daemon when you do not need it.