TencentDB Agent Memory
Warn. Audited by ClawScan on May 18, 2026.
Overview
The memory plugin mostly matches its stated purpose, but it needs review because the artifacts report hardcoded API-key literals and the plugin persistently records and reuses conversation data.
Before installing, verify that the reported hardcoded API-key literals are removed or harmless, and use your own credentials only. If you use the plugin, treat it as a long-term memory system: set retention limits, exclude sensitive agents or sessions, review stored memories/persona files, and use the remote TCVDB backend only if you trust that storage location and configuration.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the redacted value is a real credential, the plugin could expose or rely on an unintended VectorDB account credential, making the account/data boundary unclear.
The static scan reports this as a hardcoded API secret/token in src/store/factory.ts:98 and also reports the same pattern in the migration script. A user-supplied TCVDB key is purpose-aligned, but a credential literal bundled in code is not.
apiKey: [REDACTED],
The publisher should remove any bundled secrets and require credentials to be supplied only by the user. Users should inspect the package/configuration and avoid using any default or embedded API key.
Conversations may be retained indefinitely and later reused to influence future responses, including any sensitive details or bad instructions that were captured.
The skill documents automatic capture of every conversation turn, persistent L0/L1 memory, automatic recall into context, and a default of no cleanup.
L0 - conversation recording: automatically captures the raw messages of every conversation turn ... Auto-Recall ... injects into the system context ... l0l1RetentionDays ... 0 = no cleanup
Set retention limits, configure excluded agents/sessions for sensitive work, review generated persona/scene files, and disable capture or recall when long-term memory is not desired.
If stored memories contain misleading or instruction-like content, they could steer later agent behavior unless the user monitors or cleans memory.
The skill requires OpenClaw's prompt-injection permission so it can insert recalled memory before prompt construction. This is disclosed and purpose-aligned, but it creates a channel where stored memory content can affect future system context.
allowPromptInjection must be true ... before_prompt_build hook ... injects the recalled memories into the system context
Keep this permission enabled only if you want automatic memory recall, and periodically inspect or clear memory content that should not affect future tasks.
