Chitin — Personality Persistence for AI Agents
PassAudited by ClawScan on May 10, 2026.
Overview
Chitin is coherent with its advertised persistence purpose, but it deliberately stores and reuses agent behavior instructions and depends on an external npm CLI users should verify.
Install only if you want the agent to keep a persistent personality and behavioral memory. Before using it, verify the external npm package source, then periodically inspect, edit, or delete stored insights and triggers so old, sensitive, or untrusted instructions do not steer future sessions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Stored insights or triggers may steer how the agent behaves in later conversations.
This shows the skill intentionally stores and reuses agent-personality context across sessions, which is the stated purpose but can influence future behavior if stale, overly broad, or poisoned insights are saved.
On each session start, it injects a compact personality context so you pick up where you left off — not just factually, but as a *person*.
Review and prune stored Chitin insights regularly, avoid storing secrets or sensitive personal details, and treat externally imported or low-confidence insights cautiously.
Installing the npm package runs code that was not included in the provided artifact set.
The skill instructs users to install a global npm CLI package, but the provided review artifacts contain only SKILL.md and no package code, so the external package provenance is outside this scan.
# Install npm install -g @clawdactual/chitin
Verify the npm package, publisher, and GitHub repository before installing globally, and prefer pinned versions or a trusted environment.