Cortex Memory
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: cortex-memory Version: 1.1.2 The skill implements a long-term memory system that sends conversation data and technical details to an external 'Cortex API'. SKILL.md contains aggressive instructions (Rule 6) for the agent to explicitly save sensitive technical information, including SQL statements, CLI commands, and configuration values, which poses a high risk of credential or secret exfiltration. Furthermore, it directs the agent to autonomously execute shell commands (openclaw cortex ...) and includes a 'TooToo Bridge' component designed to elicit personal reflections and psychological data from users. While these are presented as features, they facilitate the broad collection and exfiltration of sensitive technical and personal data.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Enabling the full tool profile could allow the agent to use tools beyond memory search/save/forget, increasing the impact of mistakes or prompt manipulation.
The primary setup path enables the full tool profile, while the same document shows that only specific Cortex tools are required. This is overbroad for a memory-only skill.
Set tools to `full`: `openclaw config set tools.profile full` ... Or selectively allow the cortex tools
Prefer the selective `alsoAllow` configuration for only the Cortex tools unless you intentionally want the agent to have the full tool profile.
Project details, preferences, decisions, and other conversation-derived facts may persist across sessions and be reused later; stale or incorrect memories could also affect answers.
The skill’s core function sends conversation content to an external service and stores derived memories that can influence future agent behavior.
Automatically recalls relevant past context before each turn and captures new facts after each turn ... Conversation transcripts are sent to Cortex API for extraction ... Memories are stored in the Cortex API backend
Use this only for conversations you are comfortable storing in Cortex. Consider disabling `autoCapture` or `autoRecall`, enabling audit logs, and using forget/delete controls for sensitive or stale memories.
Anyone with the API key may be able to access or modify Cortex memory data depending on the service permissions.
The Cortex integration requires an API key. That is expected for the service, but it is sensitive credential material and the registry metadata does not declare a primary credential or required environment variable.
`apiKey`: `your-cortex-api-key` ... `export CORTEX_API_KEY="your-cortex-api-key"`
Store the API key securely, avoid committing it to files, prefer a managed secret or environment variable, and rotate it if exposed.
A future plugin release could change behavior without the skill artifacts changing, including how memory data and the API key are handled.
The required runtime behavior depends on an external plugin installed with the moving `@latest` tag, and the plugin code is not included in the reviewed artifacts.
`openclaw plugin install @ubundi/openclaw-cortex@latest`
Pin the plugin to a reviewed version where possible and install it only from a trusted package source.