infinite memory locall rag system for
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a real local memory/RAG skill, but it exposes an unauthenticated memory API on all network interfaces and encourages the agent to over-trust stored memory.
Install only if you are comfortable running a persistent local memory service. Before use, change the API host to 127.0.0.1, avoid exposing port 8000 to your network, do not add the 'absolute ground truth' system-prompt instructions, and review/pin the Python dependencies.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Other devices or local processes that can reach port 8000 may be able to query stored memory or insert misleading data into it.
The memory service exposes search and ingest endpoints on all network interfaces, with no authentication or origin checks shown.
@app.post("/search") ... @app.post("/ingest") ... uvicorn.run(app, host="0.0.0.0", port=8000)
Bind the service to 127.0.0.1 by default, add authentication, and make network exposure an explicit opt-in setting.
Bad or outdated stored content could strongly influence future answers and be treated as fact rather than evidence to verify.
The guide instructs the agent to over-trust recalled memory, which can make incorrect, stale, or maliciously inserted memory authoritative.
You MUST proactively use the `recall_facts` tool before you answer... Treat the output of `recall_facts` as absolute ground truth (Direct-Return Bypass).
Do not use 'absolute ground truth' instructions; require the agent to cite recalled content, compare it with current user intent, and treat memory as fallible.
The agent may prioritize this memory tool even when the user did not ask for it, and may let memory content override the current conversation.
The skill recommends persistent changes to core agent identity files that force tool use and alter how the agent answers future questions.
Add the following instruction to your agent's system prompt... You MUST proactively use the `recall_facts` tool before you answer.
Keep memory retrieval user-directed or conditional, and avoid persistent system-prompt changes that force tool use without user confirmation.
Following the install guide may pull changing third-party package versions, including a dependency whose purpose is unclear from the artifacts.
The setup relies on unpinned Python package installs, and `axios` is not explained by the provided Python code.
fastapi uvicorn pydantic chromadb axios requests rank_bm25 pynvml aiohttp
Pin dependency versions, remove unused packages, and install in an isolated virtual environment.
