Memory Feedback
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for a memory-learning system, but it stores sensitive accounting activity across skills and may place pattern evidence into GitHub PRs without clear redaction or approval boundaries.
Install only if you want an agent memory system that records operational failures and corrections. Before enabling it, choose a controlled memory directory, define retention and redaction rules, avoid logging raw client identifiers where possible, use a private GitHub repository, and supply a least-privilege GitHub token only when you are ready to review and create PRs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Long-term storage of sensitive accounting data in agent memory
Risk: Client identifiers, accounting events, user queries, and human corrections could be stored long-term and reused by the agent in later analysis or proposed behavior changes.
Rationale: The skill persists cross-skill operational memory and explicitly allows episode and failure logs to be written without per-entry approval. The skill's documented examples include client and accounting identifiers, so the memory store can contain sensitive data that later influences proposals.
Evidence: "All 18 skills log their episodes and failures. This skill reads those logs..." and "agent owns its memory files — episodes and failures are written without approval."
Recommendation: Enable this only with a clear retention policy, access controls, redaction of client identifiers, and a review process for what gets logged and reused.
Finding 2: Memory-log evidence may be exposed in GitHub pull requests
Risk: Sensitive business or client information from memory logs could be exposed in a GitHub PR, especially if the target repository or PR metadata is visible to people outside the intended accounting team.
Rationale: The evals show sensitive accounting details being logged and later PRs containing evidence for detected patterns. The artifacts do not state that evidence is redacted or that PR content is approved before being sent to GitHub.
Evidence: "February VAT return for EL987654321" ... "Creates a GitHub branch and opens a pull request" ... "The PR includes a clear description of the pattern, evidence, and proposed fix"
Recommendation: Use a private repository, redact AFMs (tax identification numbers), client names, and transaction details, require human approval before PR creation, and include only aggregate evidence in PR descriptions.
Finding 3: GitHub token scope may exceed what the PR workflow needs
Risk: Supplying a broad GitHub token could let the workflow create branches or PRs with more repository access than necessary.
Rationale: A GitHub token is requested by the registry metadata, while SKILL.md describes it as optional and only needed for the PR workflow. The token is purpose-aligned but grants repository authority.
Evidence: "Required env vars: OPENCLAW_DATA_DIR, GITHUB_TOKEN"
Recommendation: Provide GITHUB_TOKEN only when using PR creation, use a least-privilege token limited to the intended repository, and prefer dry-run proposal review before creating PRs.
Finding 4: Runtime behavior depends on external tools outside the reviewed artifacts
Risk: The safety of logging, redaction, and PR creation depends on external tools not included in the supplied artifacts.
Rationale: The package itself contains no implementation to inspect, while SKILL.md relies on external commands such as openclaw memory and gh. This is not inherently unsafe, but it limits review of actual runtime behavior.
Evidence: "No install spec — this is an instruction-only skill." "No code files present — this is an instruction-only skill."
Recommendation: Verify the installed openclaw and gh implementations, review their permissions, and test with dry-run commands before enabling automated memory or PR workflows.
