Lancedb Memory

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill matches its stated local long-term memory purpose, with no evidence of exfiltration or destructive behavior, but users should notice its persistent storage, hard-coded path, and undeclared dependencies.

This appears to be a local LanceDB memory helper rather than a malicious skill. Before installing, confirm you are comfortable with persistent memory storage, avoid saving secrets unless intended, verify or change the hard-coded database path, and install dependencies only from trusted package sources.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Information saved as memory can remain on disk and may be retrieved in later interactions.

Why it was flagged

The skill creates a persistent local LanceDB store for long-term memory. That is purpose-aligned, but stored memories may contain sensitive information or influence future context.

Skill content

def __init__(self, db_path: str = "/Users/prerak/clawd/memory/lancedb"):
    self.db_path.mkdir(parents=True, exist_ok=True)
    self.db = lancedb.connect(self.db_path)

Recommendation

Avoid storing secrets unless intended, make the storage path and retention policy explicit, and provide a clear way to review and delete saved memories.

What this means

The skill may rely on whatever package versions are already present locally, or require manual installation outside the declared skill contract.

Why it was flagged

The included code depends on third-party Python packages, while the supplied registry metadata provides no install spec or dependency declarations. This is an under-declared dependency/provenance issue.

Skill content

import lancedb
import pyarrow as pa

Recommendation

Declare required Python packages and versions in the install metadata, and provide a homepage or source repository so users can verify provenance.

What this means

A malformed category value could potentially broaden or alter memory search results within the local memory database.

Why it was flagged

The category parameter is interpolated into a LanceDB filter expression. This is within the memory-search purpose, but callers should validate or escape filter inputs to avoid unintended query behavior.

Skill content

where_clause.append(f"category = '{category}'")

Recommendation

Validate category names or use safe parameterized/filter-builder APIs before passing user-controlled values into database filter expressions.