v1.0.0

memory-encrypted

ReviewClawScan verdict for this skill. Analyzed May 3, 2026, 12:29 AM.

Analysis

This skill is security-focused and handles persistent memory, but its encryption and automatic-backup claims are not substantiated by the provided instruction-only artifacts.

GuidanceReview before installing. The idea is purpose-aligned, but because this is security-critical and the package contains no implementation, do not assume your memory will actually be encrypted or backed up safely. If you use it, verify the implementation, protect ~/.openclaw/.memory-key, and confirm how scheduled backups and backup deletion are controlled.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityMediumConfidenceMediumStatusConcern

SKILL.md

记忆本地加密 + 定时自动备份，防泄露、防丢失。 ... 记忆加密（AES-256） ... 本技能需要 Python 标准库支持，无额外依赖。

The skill makes strong security and privacy claims, including AES-256 encryption and automatic backup, while the supplied package is instruction-only with no code or install mechanism to substantiate those guarantees.

User impactA user may believe their memory is encrypted and reliably backed up even though the provided artifacts do not show how that protection is actually implemented.

RecommendationDo not rely on this for protecting sensitive memory unless a reviewed implementation, clear encryption method, recovery process, and backup scheduler are provided.

Rogue Agents

SeverityLowConfidenceHighStatusNote

SKILL.md

每天凌晨 3 点（固定） ... 保留最近 30 份，自动清理更旧的

The skill describes ongoing scheduled backups and automatic deletion of older backup files.

User impactThe skill may create recurring background behavior and remove old backups as part of retention management.

RecommendationOnly enable scheduled backups if you understand where backups are stored, how old backups are deleted, and how to disable the schedule.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

SKILL.md

密钥存储在独立文件 `~/.openclaw/.memory-key` ... 密钥本身不加密，建议额外备份

The skill stores a persistent key that controls access to encrypted memory, and explicitly says the key file itself is not encrypted.

User impactIf the key file is exposed, backed up insecurely, or lost, memory confidentiality or recovery can be affected.

RecommendationProtect the key file carefully, restrict file permissions, and keep any key backup separate and secure.