Memory Optimizer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is mostly coherent for memory indexing and cleanup, but users should note that it stores memory contents in a persistent index and can run a background file watcher.

Install only if you want local OpenClaw memory files indexed and monitored. Be aware that the index contains memory text, not just hashes, and the quickstart starts a background watcher. Use a virtual environment or pinned dependency for watchdog, and avoid enabling the archive workflow until the missing archive script is available and reviewed.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Sensitive or untrusted content placed in the watched memory directory can be preserved in the index and reused in later memory searches.

Why it was flagged

The watcher stores full memory chunks and their source path in the persistent .index.json file, so memory text is duplicated for later retrieval rather than only hashed.

Skill content

"content": chunk, "source": file_path

Recommendation

Use this only on the intended OpenClaw memory folder, protect the .index.json file, and review or clean the index before storing highly sensitive or untrusted notes.

What this means

The skill can keep running and modifying the memory index until the user stops the process.

Why it was flagged

The quickstart script launches the watcher in the background, making it a long-running process that continues monitoring memory files after startup.

Skill content

python3 scripts/memory-watcher.py ./memory/ &

Recommendation

Start the watcher only when you want continuous indexing, and use the documented stop command or process manager controls when it is no longer needed.

What this means

A future or unexpected dependency version could change behavior or affect the local Python environment.

Why it was flagged

The installer pulls the watchdog dependency without a pinned version, which is common for small tools but means the installed code can vary over time.

Skill content

pip3 install watchdog

Recommendation

Prefer installing in a virtual environment and pin a known-good watchdog version if you need reproducible behavior.

What this means

The advertised quarterly archive feature may not work as documented, and its implementation is not available for review in these artifacts.

Why it was flagged

The metadata and documentation reference an archive script, but that script is not included in the provided file contents or manifest, so the archive behavior cannot be reviewed here.

Skill content

"scripts/memory-archive.sh"

Recommendation

Do not configure the archive or cron workflow unless you can inspect the missing memory-archive.sh script from a trusted source.