VM Memory Oracle
ReviewAudited by ClawScan on May 15, 2026.
Overview
VM Memory Oracle is mostly a coherent local memory skill, but its setup needs review because it uses system cron persistence and a deployment template makes stored agent memories broadly readable.
Before installing, decide whether you want persistent scheduled memory maintenance on this VM. If you use the cloud-init template, change the /data/memory ownership and permissions to a restricted OpenClaw user instead of 755, review the /etc/cron.d job, and make sure you know how to disable cron maintenance and clean up stored memory files.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing automated maintenance may create system-level scheduled tasks that keep running after setup and may require root/admin access.
Writing to /etc/cron.d is a system scheduler change outside the memory data directory and commonly requires elevated/admin privileges, so the permission boundary is broader than a local data-path-only memory skill.
Creates and manages cron jobs under `/etc/cron.d/openclaw-vm-memory-oracle` ... | `/etc/cron.d/openclaw-vm-memory-oracle` | Write | Cron job registration |
Clearly declare the required privilege and filesystem scope, provide an uninstall/disable command, and consider using a user-level crontab or systemd user timer instead of /etc/cron.d.
Other local users or processes on the VM could read persistent agent memories, including user preferences, decisions, and session summaries.
The documented VM setup recursively makes the persistent memory directory readable/traversable by all local users; this directory stores session-derived facts, summaries, and memory files.
- chmod -R 755 /data/memory
Use a dedicated OpenClaw user/group, set directories to 700 or 750 and files to 600 or 640 as appropriate, and avoid storing secrets in memory unless the disk and permissions are hardened.
The agent's memory can be summarized, pruned, health-checked, and updated on a schedule even when you are not actively invoking the skill.
The skill intentionally creates recurring background maintenance jobs. This is disclosed and purpose-aligned, but it persists beyond a single user request.
This registers four cron jobs: - **23:00** — Daily session summarization - **00:30** — Full consolidation ... - **Every 6h** — Health check - **Sunday 03:00** — Quality probe
Install the cron jobs only if you want ongoing autonomous maintenance, review the cron file after installation, and document how to disable or remove it.