Jackal Skill
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent remote memory skill, but it persists sensitive agent memory and uses API/encryption keys that users should protect.
This skill appears purpose-aligned: it encrypts memory locally, sends encrypted content to its remote storage API, and reloads it later. Before installing, make sure you trust the remote service, keep both the API key and encryption key private, and be careful about what memories you allow the agent to save and reuse.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Saved memories may shape future sessions and may contain personal data or credentials.
The skill is explicitly designed to reuse persistent memory across sessions, so sensitive, stale, or attacker-influenced stored content could affect later agent behavior if the user or agent over-trusts it.
Persist your memory across sessions and machines... Load your identity/memory blob on startup before doing any work... Call save at session end or on significant state changes
Use clear memory keys, review important loaded memories before relying on them, and avoid saving secrets unless you intentionally want them in persistent encrypted storage.
Anyone who obtains the API key and encryption key may be able to access or recover stored memory content.
The client uses a bearer API key for the remote memory service and stores or reads an encryption key locally. This is expected for the stated purpose, but these secrets protect access to stored memory.
"Authorization": f"Bearer {_api_key()}", ... _KEY_FILE = pathlib.Path.home() / ".config" / "jackal-memory" / "key"Keep JACKAL_MEMORY_API_KEY and JACKAL_MEMORY_ENCRYPTION_KEY private, avoid pasting them into chats or logs, and protect the local key file.
Installing dependencies changes the local Python environment and depends on the package source being trustworthy.
The skill relies on a user-directed package install for encryption support. This is central to the skill and not automatic, but users should install dependencies from a trusted Python environment.
Install dependency: `pip install cryptography`
Install the dependency in a trusted or isolated environment and verify you are using the expected cryptography package.