Memory Maintenance
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill mostly does what it says, but it needs review because it can run daily, send memory files to Gemini, and let AI-generated cleanup suggestions move workspace files without tight path limits.
Review this skill carefully before installing. Its memory-review purpose is reasonable, but you should confirm the scripts have been fixed to use your own OpenClaw workspace, inspect review JSON before applying cleanup, and be comfortable with your memory files being sent to Gemini on a scheduled basis.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad or poisoned review suggestion could cause the agent to move important workspace files into an archive or trash location.
The safe apply path takes generated maintenance suggestions, reads a target filepath, and moves that file without visible path allowlisting, normalization, or per-file confirmation.
SAFE_TASKS=$(jq -c '.maintenance_suggestions[] | select(.safe_to_auto == true)' "$REVIEW_FILE" ...) TARGET=$(echo "$task" | jq -r '.target') ... mv "$WORKSPACE/$TARGET" "$WORKSPACE/memory/archive/$BASENAME"
Only run apply commands after inspecting the JSON report, and the skill should restrict targets to expected memory-note paths before moving or deleting anything.
The skill may fail, use the wrong credentials, or operate on an unintended workspace path if that path exists.
The script sources credentials and operates on a fixed developer-local workspace path instead of the installer's configured OpenClaw workspace.
if [ -f "/Users/maxhutchinson/.openclaw/workspace/.env" ]; then
set -a
source /Users/maxhutchinson/.openclaw/workspace/.env
set +a
fi
WORKSPACE="/Users/maxhutchinson/.openclaw/workspace"Do not install until the scripts use `$OPENCLAW_WORKSPACE` or `$HOME/.openclaw/workspace` consistently and document exactly where credentials are loaded from.
Private agent memory and user profile details may be sent to the Gemini provider during reviews.
The review prompt includes daily notes, MEMORY.md, and USER.md, then sends that prompt to Gemini for analysis.
DAILY_NOTES="${DAILY_NOTES}...$(cat "$NOTE_FILE")"
MEMORY_MD=$(cat "$WORKSPACE/MEMORY.md" 2>/dev/null || echo "")
USER_MD=$(cat "$WORKSPACE/USER.md" 2>/dev/null || echo "")
...
gemini --model gemini-2.5-flash "$PROMPT"Install only if you are comfortable sending these memory files to Gemini; consider redacting sensitive notes and documenting this data flow clearly.
The skill can continue running daily after installation and may keep generating reviews unless the cron job is removed or disabled.
The installer creates a persistent daily cron job that invokes an agent/model-driven memory review.
openclaw cron add --name "memory-maintenance" \
--schedule "0 23 * * *" \
--command "Run memory maintenance review" \
--model geminiVerify the cron entry after installation and remove or disable it if you do not want ongoing automated memory reviews.