Cortex Memory
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Enabling the full tool profile could allow the agent to use tools beyond memory search/save/forget, increasing the impact of mistakes or prompt manipulation.
The primary setup path enables the full tool profile, while the same document shows that only specific Cortex tools are required. This is overbroad for a memory-only skill.
Set tools to `full`: `openclaw config set tools.profile full` ... Or selectively allow the cortex tools
Prefer the selective `alsoAllow` configuration for only the Cortex tools unless you intentionally want the agent to have the full tool profile.
Project details, preferences, decisions, and other conversation-derived facts may persist across sessions and be reused later; stale or incorrect memories could also affect answers.
The skill’s core function sends conversation content to an external service and stores derived memories that can influence future agent behavior.
Automatically recalls relevant past context before each turn and captures new facts after each turn ... Conversation transcripts are sent to Cortex API for extraction ... Memories are stored in the Cortex API backend
Use this only for conversations you are comfortable storing in Cortex. Consider disabling `autoCapture` or `autoRecall`, enabling audit logs, and using forget/delete controls for sensitive or stale memories.
Anyone with the API key may be able to access or modify Cortex memory data depending on the service permissions.
The Cortex integration requires an API key. That is expected for the service, but it is sensitive credential material and the registry metadata does not declare a primary credential or required environment variable.
`apiKey`: `your-cortex-api-key` ... `export CORTEX_API_KEY="your-cortex-api-key"`
Store the API key securely, avoid committing it to files, prefer a managed secret or environment variable, and rotate it if exposed.
A future plugin release could change behavior without the skill artifacts changing, including how memory data and the API key are handled.
The required runtime behavior depends on an external plugin installed with the moving `@latest` tag, and the plugin code is not included in the reviewed artifacts.
`openclaw plugin install @ubundi/openclaw-cortex@latest`
Pin the plugin to a reviewed version where possible and install it only from a trusted package source.
