Cortex Memory

Key things to consider before installing: - Missing declarations: SKILL.md and README require the openclaw-cortex plugin and a Cortex API key, but the skill metadata lists no env vars or config paths. Ask the author to declare required env vars (e.g., CORTEX_API_KEY) and any required tools so you can assess permissions before enabling. - Verify the Cortex backend and plugin: only install the openclaw-cortex plugin from a trusted source and confirm where memories will be stored and who can access them. If you don't trust the Cortex backend, do not provide an API key. - Limit capture and test in a sandbox: start with autoCapture:false and autoRecall:false, or enable audit logging (/audit on or auditLog:true) before enabling auto-capture. Test behavior in an isolated workspace to confirm that sensitive data (credentials, secrets, file contents) are not being saved. - Review API key scope and retention: use least-privilege API keys and short-lived keys where possible. Confirm retention, deletion, and export policies for stored memories. - Be cautious about CLI/terminal execution: the skill tells the agent to execute openclaw cortex commands if terminal access exists. Ensure the agent runtime has limited shell privileges and that you are comfortable with it executing those commands. - Ask for metadata fixes: request that the skill author update the registry metadata to list required env vars, tools, and config paths, and to explain how secrets are filtered from captures. That change would increase transparency and reduce the suspicion. If you proceed, enable auditing, restrict API key permissions, and test thoroughly in a non-production environment first.