Lancedb Memory

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Information saved as memory can remain on disk and may be retrieved in later interactions.

Why it was flagged

The skill creates a persistent local LanceDB store for long-term memory. That is purpose-aligned, but stored memories may contain sensitive information or influence future context.

Skill content

def __init__(self, db_path: str = "/Users/prerak/clawd/memory/lancedb"):
    self.db_path.mkdir(parents=True, exist_ok=True)
    self.db = lancedb.connect(self.db_path)

Recommendation

Avoid storing secrets unless intended, make the storage path and retention policy explicit, and provide a clear way to review and delete saved memories.

What this means

The skill may rely on whatever package versions are already present locally, or require manual installation outside the declared skill contract.

Why it was flagged

The included code depends on third-party Python packages, while the supplied registry metadata provides no install spec or dependency declarations. This is an under-declared dependency/provenance issue.

Skill content

import lancedb
import pyarrow as pa

Recommendation

Declare required Python packages and versions in the install metadata, and provide a homepage or source repository so users can verify provenance.

What this means

A malformed category value could potentially broaden or alter memory search results within the local memory database.

Why it was flagged

The category parameter is interpolated into a LanceDB filter expression. This is within the memory-search purpose, but callers should validate or escape filter inputs to avoid unintended query behavior.

Skill content

where_clause.append(f"category = '{category}'")

Recommendation

Validate category names or use safe parameterized/filter-builder APIs before passing user-controlled values into database filter expressions.