Firm Hebbian Memory
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s adaptive-memory purpose is coherent, but it encourages persistent automatic harvesting of session logs into memory tooling whose implementation is not included for review.
Review this skill before installing. It is not clearly malicious, but enabling the recommended hook or cron job would automatically collect session logs into persistent memory. Only use it with a trusted MCP implementation, restricted log paths, strong secret scanning, and a clear way to inspect and delete stored memory.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private session content could be stored and later reused to influence future agent behavior.
The skill harvests session logs into persistent local memory, then uses them to derive rules and patterns. Session logs may contain private user context, code, or secrets, and the artifact does not define clear retention, deletion, or per-session approval controls.
[ openclaw_hebbian_harvest ] → extrait résumé + tags + règles (PII stripped)
↓
[ SQLite local ] → stockage épisodique structuréUse only with explicit opt-in, restrict which sessions are ingested, review stored summaries, define retention/deletion rules, and use a dedicated secret scanner before storing logs.
The memory harvester may continue processing session logs automatically after setup, even when the user is not actively invoking the skill.
The skill documents a cron job that repeatedly ingests new session logs in the background. This creates persistent behavior beyond a single user-invoked task.
# Toutes les 30 min, ingérer les nouveaux JSONL */30 * * * * /bin/bash ~/.openclaw/hooks/post-session.sh >> ~/.openclaw/hebbian-harvest.log 2>&1
Treat the hook and cron job as optional, require explicit user confirmation before enabling them, and document a clear disable/uninstall procedure.
Users cannot verify from these artifacts what code will process session logs or update Claude.md memory layers.
The skill relies on an external MCP extension for the actual log harvesting and weight-update tools, while the provided artifact set has no code files or install spec to inspect that implementation.
requires:
- mcp-openclaw-extensions >= 1.2.0Require a pinned, reviewable dependency source, include an install spec or audited code manifest, and verify the localhost MCP server before enabling the skill.
If used carefully, the mutation step is reviewable; if dry-run is bypassed, it could change the agent’s working rules.
The skill includes a tool that can apply memory weight updates, but the artifact says dry-run is the default and the pipeline requires human review before applying changes.
openclaw_hebbian_weight_update — calcul/application des poids hebbiens (dry_run par défaut)
Keep dry-run enabled by default and require explicit human approval before any Claude.md or memory-rule changes are applied.