ClawHub
Back to skill
v2.0.0

MemoryBox

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

MemoryBox appears purpose-aligned and transparent, but users should notice that it installs an external CLI and changes persistent agent memory files.

GuidanceBefore installing, verify the GitHub repository and consider pinning a trusted version. Back up your OpenClaw memory files before running split, archive, or init commands, and review any AGENTS.md changes because they can shape future agent behavior.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
git clone https://github.com/Ramsbaby/openclaw-memorybox.git
cd openclaw-memorybox && chmod +x bin/memorybox
sudo ln -sf "$(pwd)/bin/memorybox" /usr/local/bin/memorybox

The reviewed package is instruction-only, while installation relies on external GitHub code and a sudo-created symlink. This is expected for a CLI install, but users should verify the repository and version before installing.

User impactInstalling from the latest external repository could run code that was not part of this registry artifact review.
RecommendationInspect the GitHub repository, pin a trusted commit or release if possible, and only create the /usr/local/bin symlink if you trust the CLI.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Prevents MEMORY.md bloat by organizing memory into 3 tiers ... memorybox split ~/openclaw ... memorybox archive ~/openclaw ... Add to AGENTS.md

The skill intentionally reorganizes persistent OpenClaw memory and suggests adding durable agent instructions. This is central to the stated purpose, but it can affect what future sessions remember or retrieve.

User impactImportant memory content could be moved, archived, or made less visible to future agent sessions if used incorrectly.
RecommendationBack up MEMORY.md and the memory/ directory before running mutating commands, review proposed changes, and keep AGENTS.md instructions minimal and accurate.