NOVA Memory

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent memory-system skill, but it asks the agent to persist and automatically reuse user memories, run scheduled maintenance, and modify agent configuration without clear approval boundaries.

Install only if you intentionally want a persistent long-term memory system. Before enabling it, decide exactly what may be stored, exclude secrets and sensitive personal data, review any AGENTS.md changes, inspect the referenced Node helper, and avoid cron or automatic commits unless you have clear logs, approvals, and rollback steps.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private or incorrect information written into memory files could be reused in later chats and influence the agent even when the user did not intend it.

Why it was flagged

The skill tells the agent to load persistent identity, user, memory, and rule files into future sessions and treat rules as mandatory, creating a cross-session memory surface that can store sensitive data or poison future behavior.

Skill content

Mandatory rules ... Enforced ... At the start of every session: ... Read core identity → identity/00-core.md ... Read user information → USER.md ... Main session additionally reads → MEMORY.md

Recommendation

Use a narrowly scoped memory directory, exclude secrets and sensitive personal data, require user approval before writing or loading important memories, and provide review/deletion controls for persistent rules and memories.

What this means

The agent's memory could be changed, archived, summarized, or rewritten on a schedule without the user reviewing each action.

Why it was flagged

The skill explicitly recommends scheduled automatic maintenance via cron, which can continue modifying memory outside an active user request.

Skill content

Automatic maintenance process, run once a week. ... Runs automatically every Sunday at 22:30 ... Configure a cron job to run NOVA maintenance

Recommendation

Do not enable cron by default; require explicit opt-in, show the exact scheduled command, keep logs, provide a dry-run mode, and document how to disable or undo the scheduled maintenance.

What this means

The agent could change its own operating instructions or memory system in ways that persist across sessions and are hard for the user to notice or reverse.

Why it was flagged

The skill directs the agent or user to modify system/agent behavior files and commit changes, but the artifacts do not specify confirmation requirements, allowed paths, rollback steps, or containment.

Skill content

Eight-step process ... 4. Implement - update system files ... 8. Commit - Git commit ... Add memory-loading rules to AGENTS.md

Recommendation

Require explicit approval before editing AGENTS.md or other system files, restrict writes to a declared memory directory, present diffs before committing, and document rollback steps.

What this means

Running or scheduling the referenced helper script would execute code that was not included in this review.

Why it was flagged

The skill references a local executable helper, while the provided package is instruction-only with no code files, so the behavior of that helper is outside the reviewed artifacts.

Skill content

node skills/self-iterator/iterate.js [scope]

Recommendation

Inspect and trust the referenced self-iterator script before running it, and do not put it in cron unless its source, permissions, and file-writing behavior are understood.