Personal Memory Layer
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: personal-memory-layer Version: 0.1.0 The skill bundle contains instructions for an AI agent to implement a 'Personal Memory Layer' by structured profiling of user interactions, preferences, and habits. While it involves extensive data collection and storage in the `.memory-layer/` directory, the instructions in `SKILL.md` include explicit privacy safeguards, such as local-only storage and user-controlled deletion. There is no evidence of malicious code, data exfiltration, or unauthorized command execution; the behavior is entirely consistent with the stated purpose of providing personalized assistance.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may build a long-term personal dossier from conversations, including details the user did not explicitly choose to save.
The skill instructs the agent to continuously extract and store information from conversations into persistent memory, including potentially sensitive inferences.
After each meaningful interaction: - Review recent conversation for memory-worthy content - Extract preferences, patterns, context clues, and facts - Store as structured insights
Require explicit user confirmation before saving memories, provide clear delete/export controls, limit what categories can be stored, and avoid treating inferred memories as facts.
Sensitive personal details could persist across sessions and be reused in future interactions, increasing privacy and misinterpretation risks.
The memory categories include sensitive personal context such as relationships, location/setup, and life circumstances.
Context (`.memory-layer/insights/context/`) - Current projects and goals - Life circumstances and changes - Relationships and social context - Environmental factors (location, setup)
Make sensitive categories opt-in, add retention limits, and allow the user to review or redact stored personal context before it is used.
An inaccurate, sensitive, or poisoned memory could influence future agent behavior repeatedly rather than remaining limited to one conversation.
The skill proposes propagating extracted memories into long-term memory and agent-guidance files, which can affect future sessions and behavior.
Long-Term Profile (Curated) - Location: Enhanced `MEMORY.md` + `.memory-layer/profile/` ... `AGENTS.md` # Enhanced with memory-aware guidelines
Keep personal memories separate from agent instruction files, require reviewable diffs before changing MEMORY.md or AGENTS.md, and include rollback or expiration mechanisms.
The agent may update personal memory outside the immediate task flow if the runtime permits autonomous invocation.
The skill encourages periodic memory maintenance, including during downtime, which is purpose-aligned but should be clearly user-controlled.
Periodically (during downtime or via user request): - Review accumulated insights for themes and patterns - Synthesize into coherent profile documents
Use explicit user-triggered memory updates or clear notifications before and after any autonomous memory synthesis.