Cortex Memory
Review
Audited by ClawScan on May 15, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
Before installing, decide whether you want OpenClaw to keep long-term memories across sessions. Review auto-sync, embedding provider, and memory deletion settings, avoid storing secrets or private information you do not want retained, and back up openclaw.json before using the included CLI to enable the plugin. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Publisher note
This plugin is a pure TypeScript runtime plugin and does not depend on native binaries or system-level access.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Conversation history or derived facts may be reused in future sessions, including if a memory is wrong, outdated, or sensitive.
The default configuration enables memory synchronization and the plugin is designed to preserve information across sessions, so inaccurate or sensitive memories can persist and influence later tasks.
autoSync: true,
llmRequiredForWrite: true,
autoReflect: false,
autoReflectIntervalMinutes: 30,
Review the plugin's memory directory and configuration, disable auto-sync if you do not want automatic import, and use deletion controls for memories you do not want retained.
Text from memories may be transmitted to the embedding provider you configure.
The embedding helper sends text to a configured embedding endpoint with an API key. This is expected for vector memory, but it creates an external data boundary for remembered content.
const body = {
  input: args.text,
  model: args.model,
}; ... authorization: `Bearer ${args.apiKey}`, ... body: JSON.stringify(body)
Use only trusted embedding endpoints, prefer local/private endpoints for sensitive data, and avoid storing secrets or private content that should not leave your environment.
A configured provider key can authorize requests to the embedding service.
The code uses an embedding API key when configured. The snippet does not show hardcoded credentials or logging, but users should understand that provider credentials are used.
const apiKey = args.embedding?.apiKey || ""; ... authorization: `Bearer ${args.apiKey}`,
Use a scoped API key where possible, store it securely in OpenClaw configuration or environment-managed secrets, and rotate it if exposed.
Enabling the plugin through its CLI may change which memory system OpenClaw uses.
The CLI's enable flow edits OpenClaw configuration and disables other memory plugins to enforce exclusive memory mode. This is purpose-aligned but changes agent memory behavior globally.
const EXCLUSIVE_MEMORY_PLUGINS = ['memory-core', 'memory-lancedb']; ... config.plugins.entries[pluginId] = {
  ...current,
  enabled: false
}; ... config.plugins.slots.memory = 'none';
Back up and review openclaw.json before using the CLI enable command, and confirm that disabling other memory plugins is intended.
If pasted into an agent system prompt, the agent may prioritize memory retrieval and storage according to these rules.
The artifact provides strong system-prompt-style instructions that tell the agent when to call memory tools. They are disclosed as a user-pastable manual and are aligned with the memory purpose, but they can steer the agent's workflow.
Agent User Manual (system prompt) ... Cortex Memory plugin usage rules (core rules, must not be deleted) ... You are now connected to Cortex Memory. You must follow the rules below
Only add these rules if you want Cortex Memory to guide agent behavior, and keep the privacy and deletion safeguards in place.
