simple-memory-skill

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

Before installing, confirm you trust the npm package/source. Use this only if you want the agent to persist memory across sessions. Do not store passwords, API keys, or highly sensitive data, and consider adding SESSION-STATE.json, MEMORY.md, and memories/ to .gitignore if the project is synced or committed. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled, the agent may read and write memory automatically before answering, and stored text can shape later responses.

Why it was flagged

The skill intentionally asks the user to place memory-use instructions in a high-priority instruction channel and to alter the agent's response order. This is purpose-aligned, but it affects agent behavior.

Skill content

Add to your system prompt: You have access to local memory tools... Read SESSION-STATE.json before responding... Update SESSION-STATE.json when user shares preferences

Recommendation

Only add these instructions if you want persistent memory behavior. Treat memory contents as context, not commands, and do not let untrusted text control the agent.

What this means

Private preferences, decisions, deadlines, or project details may remain on disk and influence future agent behavior.

Why it was flagged

The skill persists agent memory in local files that are intended to be reused across sessions. This is the core feature, but persistent context can retain sensitive information or stale/malicious instructions.

Skill content

This creates:
- SESSION-STATE.json - Active working memory
- MEMORY.md - Long-term curated memory
- memories/ - Directory for memory storage

Recommendation

Review memory files regularly, avoid storing secrets, exclude memory files from version control or cloud sync if needed, and delete or correct poisoned/stale entries.

What this means

Installing or running an npm CLI requires trusting the package source and version.

Why it was flagged

The documentation asks users to execute an npm package, while the registry context lists unknown source/homepage and no install spec. The included package has no dependencies or lifecycle scripts shown, so this is a provenance notice rather than a behavior concern.

Skill content

npm install -g simple-local-memory

# Or use without installing
npx simple-local-memory memory-init

Recommendation

Verify the package provenance before installing, prefer a pinned version, and inspect the package contents if using it in sensitive projects.