Agent Memory Architecture
PassAudited by ClawScan on May 10, 2026.
Overview
The visible artifacts describe a coherent file-based agent memory system, with noteworthy privacy and cross-session context risks that are expected for this purpose.
This skill appears safe to install as an instruction-only memory template, but use it carefully: keep the memory directory private, do not store passwords or tokens, review what gets saved, and verify cron/sub-agent messages before adding them to long-term memory.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent may retain private details about you, your systems, and your accounts across future sessions.
The long-term memory template is designed to store sensitive operational and account context. This is aligned with a memory skill, but those files could expose private information if shared, loaded in the wrong context, or edited incorrectly.
## Infrastructure - [Key systems, URLs, credentials locations] ... ## Relationships & Accounts - [Platform accounts, usernames]
Keep memory files in a private workspace, avoid storing actual secrets, review entries regularly, and remove outdated or sensitive information.
A bad or mistaken cron/sub-agent entry could become part of the agent's future memory and influence later behavior.
The cron inbox intentionally passes information from other sessions or sub-agents into the main memory flow. The artifact does not define identity or trust checks for those writers, so incorrect or untrusted entries could be preserved as future context.
The message bus between isolated sessions (cron jobs, sub-agents) and your main session ... reads the inbox, integrates events into daily memory, and clears processed entries
Treat cron-inbox content as untrusted until reviewed, record the source of each entry, and only promote verified information into daily logs or long-term memory.