Lucid Dreamer
AdvisoryAudited by VirusTotal on Apr 1, 2026.
Overview
Type: OpenClaw Skill Name: lucid-dreamer Version: 0.7.8 Lucid Dreamer is a comprehensive memory management skill for OpenClaw agents that uses scheduled LLM prompts and Python scripts to curate long-term memory. The skill analyzes daily notes to identify facts, trends, and contradictions, providing features like 'auto-apply' for high-confidence updates and 'aggressive cleanup' for resolved tasks. Analysis of the code (scripts/trend_detection.py, scripts/migrate_memory.py) and prompts (prompts/nightly-review.md) reveals a strong focus on security and safety, including explicit rules against storing credentials, workspace directory validation (CLAWD_DIR), and local-only git integration for easy rollbacks. The behavior is entirely consistent with the stated purpose and lacks any indicators of malicious intent or data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your AI memory could be changed automatically overnight, and future agents may rely on those changes before you review them.
The scheduled agent is instructed to directly modify long-term memory files and commit those changes. The prompt does not clearly condition this on `autoApply.enabled`, despite the shipped config and docs saying auto-apply is disabled by default.
### Step 7: AUTO-APPLY high-confidence safe changes ... Edit the relevant `memory/sections/*.md` file(s) directly when sectioned memory exists; otherwise edit `MEMORY.md` ... `git commit -m "dreamer: auto-apply"`
Require an explicit `autoApply.enabled: true` check before Step 7, and default to report-only behavior unless the user clearly opts in.
A user may install it expecting only suggestions, while the scheduled prompt may make some memory changes automatically.
This framing suggests review-only, user-controlled behavior by default, but the nightly prompt contains an auto-apply workflow that edits and commits memory without a clear default-off gate.
Auto-apply and aggressive cleanup are disabled by default ... Review generated reports before approving suggestions — Lucid proposes changes, but you remain in control
Align the prompt with the safety claims: make auto-apply explicitly opt-in, document exactly when it runs, and show the setting checked at runtime.
A mistaken review could be reinforced later and potentially cause useful memory entries to be removed.
The prompt forbids reading previous generated reviews to prevent circular reasoning, then later allows using a previous review for cleanup. If cleanup is enabled, generated review content could influence future deletions.
### Step 5: NEVER read previous reviews ... Do NOT read any files matching `memory/review/*.md` ... ### Step 7a: Aggressive Cleanup ... Scan Open Loops and Blockers from the previous review (or from MEMORY.md directly)
Do not use previous review files as cleanup inputs; base cleanup only on curated memory plus raw daily notes, and require approval for removals.
The skill may read and update memory files on a schedule without you actively invoking it each time.
The skill is intentionally designed as a scheduled background agent. This is disclosed and purpose-aligned, but users should understand it will operate while unattended.
Create a nightly cron job using OpenClaw's cron tool — run the prompt in `prompts/nightly-review.md` at 3 AM.
Install the cron only if you want unattended operation, keep it in an isolated session, and periodically review or disable the scheduled jobs.
Private notes and user-profile details may be processed by the model and summarized into persistent memory artifacts.
The skill handles personal profile and memory files and stores review state. This is expected for the purpose, but it is sensitive persistent context.
Files read at runtime: `MEMORY.md`, `USER.md`, Last 7 daily notes ... Files written at runtime: `memory/review/YYYY-MM-DD.md`, `memory/review/state.json`
Do not use it on markdown files containing plaintext secrets, and review generated reports and memory changes regularly.