Faya Session Memory

Warn

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a real session-memory tool, but it broadly turns private OpenClaw conversations into persistent searchable memory and includes hardcoded creator-specific context that can pollute a user’s memory.

Install only if you intentionally want past OpenClaw chats made persistent and searchable. Before running it, remove the hardcoded people/projects and `Dirk` label, add exclusions and redaction for sensitive content, run on a scoped test set first, and do not enable cron updates until you know how to disable them and delete generated memory files.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private conversations, names, decisions, file paths, or secrets from old sessions may be retained and resurfaced in later tasks.

Why it was flagged

The skill is designed to copy broad historical session content into persistent files that future memory search can retrieve and reuse.

Skill content

Layer 3: memory/sessions/ — Full session transcripts as searchable Markdown ... automatically vectorized by OpenClaw's memory search ... scans all JSONL session logs in ~/.openclaw/agents/*/sessions/

Recommendation

Use explicit path/session allowlists, secret/PII redaction, retention and deletion controls, and manual review before enabling broad or automatic indexing.

What this means

Future memory recall may misidentify the user or import unrelated personal context into conversations.

Why it was flagged

Every persisted user message is labeled with the hardcoded name `Dirk`, regardless of the actual user.

Skill content

elif role == "user": ... lines.append(f"**Dirk:** {content}")

Recommendation

Replace the hardcoded name with a neutral label such as `User`, or make the name an explicit user-configured setting.

What this means

The generated memory glossary can contain unrelated identities or false matches, poisoning search results and long-term context.

Why it was flagged

The glossary builder ships with pre-populated, non-generic people and project definitions instead of an empty or user-supplied entity list.

Skill content

KNOWN_PEOPLE = { "annika": "Annika Reiß ...", "wolf": "Wolf ...", "tony": "Tony Robbins ..." }

Recommendation

Remove the bundled defaults, use placeholder examples only in documentation, and require each user to configure their own entity list.

What this means

Once configured, the memory system can continue accumulating private session data without the user noticing each run.

Why it was flagged

The background behavior is disclosed and user-created, but it keeps indexing session history on an ongoing schedule.

Skill content

Create two cron jobs ... Session sync + glossary rebuild (every 4-6 hours) ... Run `python3 scripts/session-to-memory.py --new`

Recommendation

Only create the cron jobs after reviewing the scripts, document how to disable them, and periodically audit generated memory files.

What this means

It is harder to verify maintainership, updates, or intended defaults before running the scripts on private data.

Why it was flagged

The artifacts do not provide a public source or homepage for provenance, which matters because the scripts process sensitive local session history.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Verify the publisher and review the included scripts locally before running them against real session logs.