v1.0.0

Memory Maintenance

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:25 AM.

Analysis

The skill is aligned with memory maintenance, but it uses scheduled automation, external LLM review of private memory files, hardcoded local paths, and LLM-generated file-move/delete instructions that need careful review before installation.

Guidance

Review and patch the scripts before installing: replace hardcoded paths with your workspace, disable or confirm the cron job, ensure Gemini is allowed to receive your memory files, and require per-file approval plus path validation for any archive, rename, or delete action.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
scripts/apply.sh
SAFE_TASKS=$(jq -c '.maintenance_suggestions[] | select(.safe_to_auto == true)' "$REVIEW_FILE" ...)
TARGET=$(echo "$task" | jq -r '.target')
...
mv "$WORKSPACE/$TARGET" "$WORKSPACE/memory/archive/$BASENAME"

The safe apply mode moves files based on review JSON fields without validating that the target is confined to the intended memory paths.

User impact: A bad or manipulated review file could cause files in the workspace, or potentially paths reachable through traversal, to be moved or trashed unexpectedly.
Recommendation: Require explicit user confirmation for each filesystem change, validate targets against an allowlist such as memory/*.md, and reject absolute paths or '..' components.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
scripts/install.sh
openclaw cron add --name "memory-maintenance" --schedule "0 23 * * *" --command "Run memory maintenance review" --model gemini

Installation creates a recurring daily agent job. This is disclosed and purpose-aligned, but it is persistent autonomous behavior.

User impact: The skill can keep running daily after installation and continue producing reviews or maintenance outputs without a manual command each time.
Recommendation: Install only if you want scheduled memory maintenance, and verify or disable the OpenClaw cron job if you prefer manual runs.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/cleanup.sh
find "$WORKSPACE/memory/.consolidated" -type f -mtime +7 -exec rm {} \;

The cleanup script permanently removes old .consolidated files, which conflicts with the documented safety posture that deleted files go to trash and risky deletes require approval.

User impact: Some memory-related files may be irreversibly deleted during cleanup even though the documentation emphasizes recoverable trash behavior.
Recommendation: Change cleanup to move files to the configured trash directory, or clearly document and require approval for any permanent deletion.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
scripts/review.sh
if [ -f "/Users/maxhutchinson/.openclaw/workspace/.env" ]; then ... source /Users/maxhutchinson/.openclaw/workspace/.env ... WORKSPACE="/Users/maxhutchinson/.openclaw/workspace"

The main review script reads credentials and workspace data from a fixed personal path rather than the installing user's configured workspace.

User impact: On a matching system this could use or expose the wrong local workspace and credentials; on most systems it may fail or create confusing behavior.
Recommendation: Do not install until the scripts consistently use the user's OPENCLAW_WORKSPACE or another clearly configured workspace path, and avoid sourcing unexpected credential files.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
scripts/review.sh
DAILY_NOTES="${DAILY_NOTES} ... $(cat "$NOTE_FILE")" ... MEMORY_MD=$(cat "$WORKSPACE/MEMORY.md" ... ) ... USER_MD=$(cat "$WORKSPACE/USER.md" ... ) ... gemini --model gemini-2.5-flash "$PROMPT"

The review process sends daily notes, MEMORY.md, and USER.md content to Gemini for analysis, which is expected for this purpose but sensitive.

User impact: Private memory, preferences, contacts, and project details may be included in prompts to an external model provider and summarized into review files.
Recommendation: Review what is stored in memory files before running the skill, and add clear exclusions or redaction for secrets and highly private notes.