Anti-Amnesia Agent
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: anti-amnesia Version: 1.0.0 The skill is classified as suspicious due to instructions in `SKILL.md` and `templates/HEARTBEAT.md` that direct the AI agent to execute shell commands (`cron list`, `openclaw gateway status`) and read arbitrary local files (`income-tracker.md`). While these specific commands and file reads are not inherently malicious and align with the stated purpose of system health monitoring and persistent memory, they grant the agent significant capabilities that could be exploited for shell injection or unauthorized data access if the agent were to process untrusted input or if the referenced files contained sensitive information. There is no clear evidence of intentional malicious behavior like data exfiltration or backdoor installation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive chats, secrets, business details, or mistaken instructions may be stored in workspace memory and influence later sessions.
The skill automatically persists broad conversation history and then makes those files recurring authoritative context, without artifact guidance on exclusions, redaction, retention, or user approval.
"Automatically saves full conversation"; "messages": 9999; "Daily Journals ... capture everything"; "STATE.md — Single source of truth"
Use only in trusted private workspaces; reduce the saved-message limit, exclude or redact secrets, add retention and cleanup rules, and review memory files before treating them as authoritative.
The agent may inspect local OpenClaw cron and gateway state as part of its routine heartbeat.
The heartbeat template asks the agent to run local status checks on wake-up. These appear read-only and aligned with health monitoring, but users should notice the recurring local tool use.
`cron list` → check **consecutiveErrors > 0**; `openclaw gateway status` → running?
Confirm those checks are appropriate for the workspace and keep any added process checks read-only unless you explicitly approve changes.