memory-pro
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent local memory-search skill, but it creates persistent searchable copies of your memory/docs and has optional remote reranking that should be configured carefully.
Before installing, review the default indexed paths, keep generated index files private, and leave remote reranking disabled unless you are comfortable sending selected memory snippets to that provider. Run it in an isolated Python environment with pinned dependencies if possible.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private workspace notes and project documents may become part of the searchable memory index and may later be surfaced to the agent.
The default corpus extends beyond a single memory folder into docs, learning files, and core workspace files, which may contain private or instruction-like content.
extra_md_dirs_raw = os.getenv("MEMORY_PRO_EXTRA_MD_DIRS", "${OPENCLAW_WORKSPACE}/.learnings,${OPENCLAW_WORKSPACE}/skills/self-improving-agent/.learnings,${OPENCLAW_WORKSPACE}/docs")
...
core_files = os.getenv("MEMORY_PRO_CORE_FILES", "MEMORY.md,SOUL.md,STATUS.md,AGENTS.md,USER.md").split(',')
Review and narrow MEMORY_PRO_DATA_DIR, MEMORY_PRO_EXTRA_MD_DIRS, and MEMORY_PRO_CORE_FILES before building the index; exclude sensitive files and treat retrieved content as untrusted context.
Generated files such as sentences.txt and memory_meta.jsonl can contain readable copies of sensitive memories and file paths.
The index build stores plaintext memory sentences and source-file metadata, not only vector embeddings.
with open(sentences_path, "w", encoding="utf-8") as f:
    f.write("\n".join(texts))
...
"text": e.get("text", ""),
"source_file": e.get("source_file", "unknown")
Store generated index files in a protected local directory, avoid syncing them to shared/cloud locations, and delete or rebuild them when the source corpus changes.
Search terms and selected memory snippets may leave the local machine when remote reranking is enabled.
If reranking is enabled and configured, the skill sends the user query and candidate memory sentences to a rerank provider endpoint.
endpoint = os.getenv("MEMORY_PRO_RERANK_ENDPOINT", "https://api.jina.ai/v1/rerank")
...
payload = {
    "model": model,
    "query": query,
    "documents": [c.get("sentence", "") for c in work],
Keep remote reranking disabled for local-only use, or configure it only with a trusted endpoint and clear consent for sending memory snippets.
The memory search service may remain available locally while running, and startup refreshes the indexed copy of memory content.
Starting the skill rebuilds the index and launches a long-running localhost API server.
python3 build_index.py
...
exec python3 -m uvicorn main:app --host 127.0.0.1 --port "$MEMORY_PRO_PORT" --log-level info
Run the service only when needed, keep it bound to localhost, and stop or disable any user service if you do not want memory search active.
A maliciously replaced BM25 pickle could execute code when hybrid search loads it.
The hybrid retrieval path deserializes a configurable BM25 pickle file. This appears intended for the skill's own generated file, but pickle is unsafe if the file is tampered with.
bm25_path = os.getenv("MEMORY_PRO_BM25_PATH", "bm25_corpus.pkl")
...
with open(bm25_path, "rb") as f:
    bm25_payload = pickle.load(f)
Only load BM25 files generated by this skill, protect the file path from untrusted writes, and prefer a safer serialization format if modifying the skill.
Users may install different versions of required packages, which can affect reliability and supply-chain exposure.
The provided artifacts include runnable Python code but no pinned dependency installation recipe.
No install spec — this is an instruction-only skill.
Use a reviewed, pinned requirements file or isolated environment before running the server or index builder.
The installation UI or user may be confused about which values are real secrets and which are ordinary configuration.
The metadata labels many path and tuning variables as required credentials, including HOME and non-secret scoring weights.
Primary credential: HOME ... MEMORY_PRO_RERANK_API_KEY (required) - Credential used by memory-pro.; MEMORY_PRO_BM25_WEIGHT (required) - Credential used by memory-pro.
Provide only the configuration values you actually need, treat the rerank API key as the only obvious secret, and avoid sharing generated .env files.
