ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cxz9909 Agent Memory

v1.0.0

Persistent memory system for AI agents to remember facts, learn from experience, track entities, and recall context across sessions.

0· 46·1 current·1 all-time
by@cxz9909·fork of @dennis-da-menace/agent-memory (1.0.0)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cxz9909/cxz9909-agent-memory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Cxz9909 Agent Memory" (cxz9909/cxz9909-agent-memory) from ClawHub.
Skill page: https://clawhub.ai/cxz9909/cxz9909-agent-memory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cxz9909-agent-memory

ClawHub CLI

Package manager switcher

npx clawhub@latest install cxz9909-agent-memory
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (persistent agent memory) aligns with the included Python code: facts, lessons, entities stored in a local SQLite DB. However there are inconsistencies: SKILL.md/README show an installation command 'clawdhub install agent-memory' and a GitHub repo/author, while the registry slug is 'cxz9909-agent-memory' and source/homepage are unknown. __init__.py exports get_memory but no get_memory definition is visible in memory.py (likely a missing symbol). These mismatches suggest the package bundle or metadata wasn't fully synchronized.
Instruction Scope
SKILL.md runtime instructions are narrowly scoped to creating/reading/updating the local memory DB and integrating mem.get_lessons/get_entity/remember at session boundaries — which is appropriate for a memory skill. It does direct persistent reads/writes to ~/.agent-memory/memory.db by default (and shows a custom db_path option). That persistence is expected but means stored content may include sensitive information the agent writes; SKILL.md does not mention encryption or access controls.
Install Mechanism
No install spec is declared (instruction-only), and the package includes source files. No external downloads or third-party dependencies are requested (requirements.txt claims 'No external dependencies'). This is lower risk from an install perspective, but the runtime will write a local SQLite DB to disk — verify filesystem permissions.
Credentials
The skill declares no required environment variables, no credentials, and no config paths beyond the default DB location. That is proportionate to the stated purpose. Note: because it persists arbitrary facts, users should avoid storing secrets in it or should configure an encrypted DB path.
Persistence & Privilege
The skill is not forced-always and allows user invocation; it will create and maintain a persistent SQLite DB by default at ~/.agent-memory/memory.db. Autonomous invocation is allowed by default (normal for skills) — consider whether you want an agent with autonomous access to a persistent memory store that can be read/written across sessions.
What to consider before installing
What to consider before installing/using this skill: - Origin and provenance: The package metadata and README/installation hints don't fully match the registry entry (different slug/owner references and no homepage). Only install from a source you trust. Ask the maintainer for a canonical repo or signed release if provenance matters. - Code sanity review: There are some coherence/quality issues in the bundle that could break usage (e.g., __init__.py exports get_memory but that function is not present in the visible memory.py, and some SQL/FTS uses look incorrect — e.g., ORDER BY fts.rank which may not exist). Run the included tests locally before deploying (tests are bundled). Expect small bugs rather than malicious behavior. - Data sensitivity: This skill persists arbitrary facts to a local SQLite DB (default ~/.agent-memory/memory.db). Do not allow the agent to store secrets (passwords, API keys, private tokens) in this DB unless you add encryption and strong filesystem permissions. Consider custom db_path pointing to an encrypted volume or in-memory DB for sensitive deployments. - Permissions and filesystem: The DB will be created with the process user permissions. Ensure the DB file has restrictive permissions (chmod 600) and is stored somewhere appropriate. - Network/exfiltration: The code shown contains no network calls or external endpoints. That reduces remote-exfil risk, but always assume an agent that can execute code and access the filesystem might be able to leak data via other skills or tooling. Limit what the agent can access or run if you have strict data controls. - Functional checks: Before using in production, run the bundled tests, and exercise common flows (remember/retrieve/export). Verify export_json and other functions behave as expected. Also inspect memory.py fully to confirm there are no hidden network calls or dynamic import/execution paths not visible in the truncated listing. - Fixes to request from author or apply locally: (1) fix the get_memory export or remove it from __init__, (2) reconcile README/install command and registry slug, (3) verify FTS usage (MATCH and ORDER BY) and ensure queries are safe and robust, (4) consider adding optional DB encryption or advice in SKILL.md about sensitive data handling. If you cannot validate the code or provenance, treat this skill as untrusted for storing or handling any secrets or PII.

Like a lobster shell, security has layers — review code before you run it.

latestvk977hytte7pe62h4j071hza40h85khyh
46downloads
0stars
1versions
Updated 2d ago
v1.0.0
MIT-0
@cxz9909
latest
Download

AgentMemory Skill

Persistent memory system for AI agents. Remember facts, learn from experience, and track entities across sessions.

Installation

clawdhub install agent-memory

Usage

from src.memory import AgentMemory

mem = AgentMemory()

# Remember facts
mem.remember("Important information", tags=["category"])

# Learn from experience
mem.learn(
    action="What was done",
    context="situation",
    outcome="positive",  # or "negative"
    insight="What was learned"
)

# Recall memories
facts = mem.recall("search query")
lessons = mem.get_lessons(context="topic")

# Track entities
mem.track_entity("Name", "person", {"role": "engineer"})

When to Use

  • Starting a session: Load relevant context from memory
  • After conversations: Store important facts
  • After failures: Record lessons learned
  • Meeting new people/projects: Track as entities

Integration with Clawdbot

Add to your AGENTS.md or HEARTBEAT.md:

## Memory Protocol

On session start:
1. Load recent lessons: `mem.get_lessons(limit=5)`
2. Check entity context for current task
3. Recall relevant facts

On session end:
1. Extract durable facts from conversation
2. Record any lessons learned
3. Update entity information

Database Location

Default: ~/.agent-memory/memory.db

Custom: AgentMemory(db_path="/path/to/memory.db")

Comments

Loading comments...