Memory System V2 1.0.0

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent local memory tool, but it will persist captured information across sessions and should be used with clear memory boundaries.

Install this if you want a local persistent memory system for your agent. Before enabling any auto-capture workflow, decide what kinds of information may be stored, avoid secrets and private data, and periodically inspect or clean $HOME/clawd/memory.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI06: Memory and Context Poisoning

Low

What this means

Memories may contain personal, work, preference, or decision history and can influence future agent answers when recalled.

Why it was flagged

Captured content is written to persistent Markdown logs and a JSON index under the user's home directory.

Skill content

MEMORY_DIR="$HOME/clawd/memory" ... echo "$content" >> "$daily_file" ... '.memories += [$entry]'

Recommendation

Use clear rules for what may be captured, avoid storing secrets or highly sensitive details, and periodically review or delete the memory directory.

#ASI04: Agentic Supply Chain Vulnerabilities

Low

What this means

Publisher identity is slightly ambiguous, so users should not rely on metadata alone to establish provenance.

Why it was flagged

The packaged _meta.json owner ID differs from the registry owner ID shown in the supplied metadata, which is a provenance inconsistency even though the included runtime code is visible.

Skill content

"ownerId": "kn78s2gvpy22gb3axem6qfkgjn80aavs"

Recommendation

Verify the ClawHub listing, homepage repository, and publisher identity before installing in sensitive environments.

#ASI09: Human-Agent Trust Exploitation

Info

What this means

A user could overestimate the level of external review or safety assurance.

Why it was flagged

The documentation contains strong self-approval language; it should be treated as a project claim, not as independent security validation.

Skill content

Recommendation: DEPLOY TO PRODUCTION NOW ✅ ... Status: ✅ APPROVED FOR PRODUCTION

Recommendation

Treat the approval wording as documentation/marketing and base trust on the actual artifacts and your own deployment requirements.