v1.0.0

Long-Term Memory Manager

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:28 AM.

Analysis

The skill is coherent and local-only, but it can automatically write sensitive account or credential-related notes into persistent long-term memory, so it should be reviewed before use.

GuidanceInstall only if you want the agent to maintain long-term memory in ~/.openclaw/workspace. Before using consolidation, review daily memory content for secrets, credential values, or misleading instructions, and consider backing up MEMORY.md.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

scripts/memory_manager.py

MEMORY_FILE.write_text("\n".join(lines), encoding="utf-8") ... shutil.move(str(file_path), str(dest))

The helper script can rewrite MEMORY.md and move daily memory files into an archive. This is purpose-aligned for memory maintenance, but it is still local data mutation.

User impactRunning consolidation or archive commands can change the user's persistent memory files and move daily records into archive folders.

RecommendationUse the mutation commands only when intended, keep backups for important memory files, and inspect the results after consolidation or archiving.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

scripts/memory_manager.py

r'(?:账号|account|credential):\s*(.+)' ... facts_section += entry ... write_memory_md(memory["sections"])

The script extracts any line marked as account or credential information from daily memory files and writes it into the persistent MEMORY.md file. The shown artifacts do not include redaction, approval, or validation before persistence.

User impactSensitive account or credential notes, or incorrect instructions captured in daily memory, could become durable context that influences future agent behavior.

RecommendationReview changes to MEMORY.md before accepting them, avoid storing secrets or credential values in daily memory, and add redaction or an explicit approval step for account/credential-related entries.