Identity Persistence Layer

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its stated identity-tracking purpose, but it should be reviewed because it reads a local OpenClaw Google auth profile while the registry declares no credential or config requirement.

Review the code and your OpenClaw auth profiles before running this skill. It is not just a local scorer: it uses a Google/Gemini credential from a local auth profile, sends selected workspace memory files to Gemini, and stores identity snapshots on disk.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or running the skill gives it access to a local credential store entry, even though the registry metadata says no credential or config path is required.

Why it was flagged

The script reads a local OpenClaw auth profile token, specifically a hardcoded Google profile, rather than using a declared env var or user-provided key.

Skill content

AUTH_PROFILES = Path.home() / ".openclaw" / "agents" / "main" / "agent" / "auth-profiles.json"
...
return data["profiles"]["google:vegard"]["token"]

Recommendation

Only run this after confirming which Google credential it will use. The publisher should declare the credential/config requirement, avoid hardcoded profile names, and support a user-scoped API key.

What this means

Agent memory, user notes, relationships, and other workspace content may be sent to Google Gemini when the script runs.

Why it was flagged

The skill reads multiple local workspace memory/user files and uses the Gemini provider API for extraction.

Skill content

SOURCE_FILES = {
    "soul": WORKSPACE / "SOUL.md",
    "memory": WORKSPACE / "MEMORY.md",
    "user": WORKSPACE / "USER.md",
    "identity_md": WORKSPACE / "IDENTITY.md",
    "tools": WORKSPACE / "TOOLS.md",
    "heartbeat": WORKSPACE / "HEARTBEAT.md",
}
...
GEMINI_URL = f"https://generativelanguage.googleapis.com/v1beta/models/{GEMINI_MODEL}:generateContent"

Recommendation

Review the listed workspace files before running the full extraction, and use a Google API key/account whose data handling policy you accept.

What this means

Sensitive summaries of beliefs, relationships, memories, and personality traits may remain on disk and influence later continuity scoring.

Why it was flagged

The skill intentionally creates persistent identity summaries and historical snapshots.

Skill content

- `current_identity.json` — structured identity graph
- `snapshots/` — versioned history
- `diffs/` — change tracking between snapshots

Recommendation

Treat the generated identity directory as sensitive data, review retention expectations, and delete snapshots if you no longer want them stored.