Auto Memory Distiller
Warn
Audited by ClawScan on May 18, 2026.
Overview
The skill’s purpose is coherent, but it can silently read all OpenClaw main-session logs, send raw conversation chunks to Gemini, and save long-lived memory cards without clear limits.
Review before installing. Use this only if you are comfortable with a background process reading OpenClaw session logs and sending them to Gemini. Run it manually first, use a dedicated Gemini key, add local redaction and session/path exclusions, and review or delete generated memory cards before relying on them.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private conversations, mistakes, secrets, or misleading content from old sessions can become long-lived memory and influence future agent behavior.
The code scans all main-session conversation logs and writes derived Markdown memory topics, but the artifacts do not show allowlists, exclusions, retention limits, or review before persistence.
SESSIONS_DIR = HOME_DIR / ".openclaw" / "agents" / "main" / "sessions" ... session_files = list(SESSIONS_DIR.glob("*.jsonl")) ... TOPICS_DIR = WORKSPACE_DIR / "memory" / "topics"
Add explicit opt-in session/path selection, exclusion patterns, retention and deletion controls, and user review before memory cards are reused.
Sensitive conversation content, including secrets accidentally present in logs, may be sent to Google/Gemini during automatic distillation.
Raw conversation text is embedded in the prompt sent to the Gemini API; redaction is requested from the remote model rather than performed before transmission.
【待处理的对话内容 ...】\n{conversation_text}\n... client.models.generate_content(model=DISTILL_MODEL, contents=prompt, ...)
Perform local secret redaction before any provider call, clearly disclose external processing, and require user-controlled scope or approval for which sessions are sent.
Once scheduled, the skill may continue silently distilling future conversations without per-run awareness.
The documentation encourages unattended recurring execution, which can keep processing and transmitting new session data after initial setup.
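No manual intervention is required. It is recommended to bind this script to the system crontab, or to have OpenClaw's heartbeat trigger it automatically during idle time.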
Do not schedule it silently by default; add visible run logs, pause/disable controls, dry-run mode, and explicit consent for recurring operation.
Users may overestimate how well secrets are protected during processing.
The skill presents redaction as a safety feature, but users should understand that model-based redaction means sensitive text may reach the model provider before it is redacted.
Security filtering (Redaction): uses a large model to scrub real API keys and inconsequential error logs.
Clarify that redaction is remote/model-based unless local pre-redaction is added.
The configured API key can be used for model calls and may incur provider charges or quota usage.
The skill uses a Gemini/Google API key from the environment or workspace .env. This is purpose-aligned, but the registry metadata declares no required env vars or primary credential.
load_dotenv(WORKSPACE_DIR / ".env"); API_KEY = os.getenv("GEMINI_API_KEY") or os.getenv("GOOGLE_API_KEY")
Declare the credential requirement, use a dedicated limited key if possible, and monitor provider usage.
Installation depends on whatever package versions are resolved at install time.
The documented setup requires external Python packages, but no install spec, pinned versions, or lockfile are provided.
pip install google-genai python-dotenv
Provide a pinned requirements file or install spec and verify packages before installation.
