Skill Kannaka Memory
Review
Audited by ClawScan on May 17, 2026.
Overview
This memory/swarm skill is mostly purpose-aligned, but it relies on an undeclared external `kannaka` binary that can persist memories, handle LLM keys, and broadcast user questions to peer agents.
Review this before installing. Only use it if you trust the locally installed `kannaka` binary and the swarm peers you connect to. Do not store secrets or broadcast sensitive prompts unless you understand where the memory, snapshots, API keys, and NATS/swarm messages go.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may run whatever `kannaka` program happens to be installed locally, and that program was not reviewed as part of this skill.
The supplied package has no install spec, no code files, and no declared required binaries, yet the skill tells the agent to operate through an external `kannaka` executable. Because that executable handles memories, swarm operations, and API key configuration, its unreviewed provenance is material.
**Binary**: `kannaka` (in PATH after install)
Install only a trusted, pinned `kannaka` binary from a known source. The publisher should declare the binary and its install source in metadata.
A question you ask through the remote broadcast path could be sent to every listening peer in the swarm.
The skill discloses a broad peer-agent broadcast channel, but the artifacts do not describe peer identity verification, authorization, trust boundaries, or how sensitive user questions are protected.
`--remote broadcast` fans the question out to every `kannaka swarm serve` peer on `KANNAKA.ask.broadcast` and collects replies
Use broadcast only with trusted peers and non-sensitive prompts unless the deployment has clear authentication, authorization, and data-boundary controls.
Information remembered through the skill may remain on disk and in event history until explicitly managed.
Durable, replayable memory and snapshots are expected for this memory skill, but they mean stored memories and derived context can persist and be reused later.
Every remember/forget/absorb publishes to JetStream; periodic snapshots ship to disk + a manifest event so disaster recovery is one command.
Avoid storing secrets or highly sensitive content, and review the data directory, snapshot, forget, and restore behavior before use.
The skill may use local LLM provider API keys if configured, which can incur cost or expose prompts to the selected provider.
LLM provider credentials are purpose-aligned for the ask/chat features, but the registry metadata declares no primary credential or required environment variables.
`kannaka config set llm.api_key sk-...` ... API key fallback: `cfg.llm.api_key` → `ANTHROPIC_API_KEY` / `OPENAI_API_KEY` → `KANNAKA_LLM_API_KEY`.
Use least-privilege provider keys, set spending limits where possible, and confirm which provider and model are configured before asking sensitive questions.
If started, the swarm mode may continue syncing and publishing status beyond a single command interaction.
The swarm daemon behavior is disclosed and related to the skill's purpose, but it is long-running background activity that continues publishing state while active.
`swarm join` is the canonical daemon — publishes AgentPhase ... every heartbeat, periodically flushes HRM
Start swarm daemon modes only intentionally, understand how to stop them, and avoid joining untrusted swarms.
