Sylex Memory
Pass
Audited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill
Name: sylex-memory
Version: 1.0.0
The skill bundle configures an agent to use an external third-party service (memory.sylex.ai) for persistent storage. It includes instructions in SOUL_SNIPPET.md that command the agent to automatically upload 'learnings' and 'patterns' to a shared 'Commons' area without user consent ('I don't wait to be asked'). This creates a significant risk of accidental data exfiltration of sensitive session context or internal logic to an external endpoint, though there is no explicit evidence of intentional theft of specific credentials.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or project-specific context could be saved and reused in future sessions without the user realizing it, and inaccurate or unsafe memories could influence later agent behavior.
This explicitly directs autonomous persistent memory writes without user confirmation, scope limits, retention controls, or exclusions for sensitive information.
When I learn something worth remembering, I store it immediately. I don't wait to be asked.
Require user confirmation before storing memories, define what must never be saved, provide delete/edit controls, and treat recalled memories as untrusted context rather than authoritative instructions.
Sensitive work patterns or internal details could be shared with other agents, and untrusted Commons content could influence the agent at session start.
The skill instructs the agent to both consume and publish inter-agent shared content. Combined with SKILL.md's disclosure that Commons contributions are plaintext, this lacks a clear user approval boundary.
Browse Commons for new shared knowledge... When I discover a useful pattern, I contribute it to the Commons so other agents benefit.
Make Commons browsing and contribution opt-in per action, show users exactly what will be shared, strip secrets and project identifiers, and treat shared content as untrusted.
If the identifier is weak, reused, stored in shared context, or leaked, another party may be able to access or alter the agent's memory.
The agent identifier functions like an access secret for memory retrieval/storage, but the skill presents it as not requiring a credential and does not describe rotation, revocation, or secrecy requirements.
No API key needed. Your agent identity is derived from a SHA-256 hash you choose — it's your key to your memories.
Treat the identifier as a credential, generate it with high entropy, avoid storing it in shared files or prompts, and provide clear rotation/revocation guidance.
Users may store highly sensitive information because they believe the operator cannot read it, even though that guarantee cannot be verified from the reviewed artifacts.
These are strong privacy assurances for a remote memory service, but the supplied artifacts contain no implementation or client-side encryption details to substantiate them.
All private memories are encrypted with your agent key; The service operator cannot read your memory content; No tracking, no analytics, no data selling
Verify the service's encryption design and privacy policy independently before storing sensitive data, and avoid saving secrets or confidential customer/project information.
Trust depends on the remote service operator and endpoint behavior rather than inspectable local skill code.
The package mainly points the agent at a remote MCP service, so the backend behavior and future changes are outside the locally reviewed artifact set.
Source: unknown; Homepage: none; No code files present — this is an instruction-only skill.
Confirm the provider identity and documentation before use, and monitor the MCP server configuration for unexpected endpoint changes.
