Vector Memory Hack
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill The OpenClaw skill 'vector-memory-hack' provides a lightweight, local semantic search for an AI agent's `MEMORY.md` file using TF-IDF and SQLite. All file operations in `scripts/vector_search.py` are confined to the agent's workspace (`/root/.openclaw/workspace/`), and the script uses only Python's standard library, with no external dependencies or network calls. The `SKILL.md` instructions are clear, directly related to the stated purpose, and do not contain any prompt injection attempts to exfiltrate data or perform unauthorized actions. The mention of 'Server addresses and credentials' in `SKILL.md` is in the context of the agent retrieving this information from its own memory for a task, not stealing it.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may pull memory context into tasks where the user did not explicitly ask for it.
The skill asks the agent to run memory search as a default pre-task step. This is aligned with the skill's purpose, but it is broad enough that users should decide when automatic context retrieval is appropriate.
**Required step before every task:** ... vsearch "ssh config changes"
Treat the instruction as advisory: use memory search for tasks that need project or policy context, and review retrieved context before high-impact actions.
If a user follows external or manual installation steps, they may not have a clear provenance trail for the code being installed.
The registry metadata does not provide a pinned upstream source or install manifest. This is not evidence of malicious behavior, but it means users should verify any files they install or copy.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill.
Prefer the files supplied by the skill package, verify any external repository before cloning, and avoid running an unrelated vsearch executable from PATH.
If MEMORY.md contains secrets, credentials, private notes, or poisoned instructions, those contents may be copied into vectors.db and surfaced to the agent in later tasks.
The code reads the local agent memory file and stores section content in a persistent SQLite database. This is expected for a memory-search tool, but it can duplicate sensitive or stale memory content.
MEMORY_PATH = Path("/root/.openclaw/workspace/MEMORY.md") ... content = MEMORY_PATH.read_text(encoding='utf-8') ... content TEXT NOT NULLAvoid storing secrets in MEMORY.md, protect the generated SQLite database, rebuild the index after memory cleanup, and verify retrieved memory before relying on it.