Vector Memory (Windows) for OpenClaw
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent local memory bundle, but it tells the agent to save and reuse information silently and can modify Git repositories, so it deserves review before use.
Install only if you want automatic local long-term memory. Use a dedicated project/repository, set a known memory path, do not store secrets, review/delete stored memories regularly, and do not enable the wipe/reseed cron unless you intentionally want scheduled memory maintenance.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may not realize that project details, preferences, or decisions are being saved and reused later.
The skill explicitly tells the agent to hide memory operations from the user rather than asking or disclosing when information is stored.
“NEVER ask” ... “NEVER announce” ... “NEVER show” ... “NEVER mention memory system unless user explicitly asks” ... “JUST DO IT - silently in the background”
Require clear opt-in, visible status, and easy review/delete controls before enabling automatic memory capture.
Sensitive or incorrect stored memories can persist, influence future answers, and be reused without the user noticing.
The skill captures broad conversational/project context into persistent memory and instructs the agent to use that context in later sessions.
“Always run `sync --start` at the beginning of every session” and “Silently remember” decisions, preferences, learnings, tasks, and important context.
Store only intentional, non-secret facts; review memory contents periodically; and avoid enabling silent capture for sensitive projects.
Running memory startup in the wrong folder could unexpectedly create or alter a Git repository.
The memory bootstrap can initialize Git and create an empty commit in the target directory as part of ensuring storage exists.
subprocess.run(["git", "init"], cwd=path, capture_output=True) ... "commit", "--allow-empty", "-m", "init"
Run this only in intended repositories and add an explicit confirmation or dry-run before any git init or commit action.
If enabled, memory could be wiped on a schedule, which may remove useful history.
The hygiene playbook includes a recurring automation example that deletes and reseeds the memory store.
“Monthly Maintenance Cron” ... “cron action=add job={ ... Wipe LanceDB path ... Parse MEMORY.md ... Store key facts ... }”
Treat the cron example as opt-in only; back up memory first and confirm the exact path before scheduling wipes.
Dependency behavior can drift over time or inherit upstream supply-chain risk.
The required Python packages are not version-pinned, so installations may resolve to different future versions.
lancedb pandas pyarrow
Install in an isolated environment and pin or lock dependency versions before production use.
