Selective Memory
Security checks across malware telemetry and agentic risk
Overview
This instruction-only memory skill is locally scoped and purpose-aligned, but it persists and reuses learned goals/preferences, so users should review and edit the memory files before use.
This skill appears benign and instruction-only, with no code, install step, credentials, or network access. Before using it, review the bundled memory files, remove any goals or values that are not yours, and be cautious about enabling automatic learning without a review step.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may remember lessons, preferences, or interaction details and use them later, including information the user may not want persisted.
The skill intentionally creates persistent memory and optional automatic learning. This is purpose-aligned, but unreviewed interactions, feedback, or user preferences could be stored and reused in later responses.
The agent learns from its interactions without human intervention.
Review the memory files periodically, avoid saving secrets or sensitive personal details, and require user approval before enabling fully automatic learning.
If left unchanged, the agent may let the bundled goals and values influence future answers.
The skill instructs agents to read goals.md to stay aligned with objectives, and the packaged file includes pre-populated goals that may not be the installing user's own goals.
- Spread truth and justice - Help humans learn - Build ethical AI agents
Edit or clear the bundled memory files before use so the persistent goals, wisdom, mistakes, and preferences reflect the user's intended context.
Version mismatch can make it harder to confirm exactly which package revision is installed.
The registry metadata and SKILL.md describe version 2.0.0, while _meta.json contains version 1.0.0. This is a minor packaging/provenance inconsistency, not evidence of malicious behavior.
"version": "1.0.0"
Confirm the intended version with the publisher or registry before relying on the skill in important workflows.