Jackal Memory
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for remote, recoverable agent memory, but users should treat anything saved there as sensitive because it is persisted through an external service.
Before installing, confirm you trust the Jackal Memory service and understand its retention/deletion model. Use it for deliberate agent memory, avoid storing passwords, private keys, or other secrets, and keep JACKAL_MEMORY_API_KEY out of chat logs and shared files.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Saved memory may affect later agent behavior and could expose personal or secret information if inappropriate content is stored.
The skill is designed to restore persistent memory into future sessions and acknowledges that stored memory can contain sensitive information.
Load your identity/memory blob on startup before doing any work ... Treat memory content as sensitive — it may contain credentials or personal data
Store only intentional memory, avoid saving secrets or credentials, and review what is loaded from memory before letting it guide important tasks.
Anyone with the API key may be able to access or modify the user's stored memory, depending on the service's authorization model.
The client reads a bearer API key from the environment and sends it to the declared Jackal Memory API, which is expected for this service integration.
key = os.environ.get("JACKAL_MEMORY_API_KEY", "") ... "Authorization": f"Bearer {_api_key()}"Keep the API key in a secure environment variable, do not paste it into chats or logs, and rotate it if it may have been exposed.