v0.9.31

memclaw

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:21 AM.

Analysis

MemClaw appears to be a coherent memory plugin, but it should be reviewed because it stores long-term personal and agent memory and has unclear privacy/provider boundaries.

GuidanceInstall only if you are comfortable replacing native memory with MemClaw and retaining long-term conversation/profile data. Verify the separate plugin source, clarify whether your LLM/embedding provider is local or remote, avoid storing secrets, and confirm how to review or delete saved memories.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityMediumConfidenceMediumStatusConcern

references/security.md

`No External Data Transmission: Does NOT send data to external servers (all processing is local)` and `API keys ... your configured LLM/embedding provider`

The privacy claim is absolute, but the same documentation expects LLM/embedding provider configuration and provider API keys, leaving the external trust boundary unclear.

User impactA user may believe all memory processing is strictly local even when their chosen provider configuration could introduce a separate service trust boundary.

RecommendationVerify whether the configured LLM/embedding provider is local or remote before storing sensitive memories, and ask the maintainer to clarify exactly what data is sent to providers.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

`This skill requires the memclaw plugin ... obtain this plugin officially via the openclaw plugins install command if not present`

The reviewed artifact is documentation-only and depends on a separately installed plugin, so the actual runtime code comes from outside these artifacts.

User impactThe safety of the installed system depends on the separate MemClaw plugin package, not just this skill's instructions.

RecommendationInstall only from the official repository, verify the plugin identity/version, and review its permissions before enabling it.

Cascading Failures

SeverityLowConfidenceHighStatusNote

SKILL.md

`Set agents.defaults.memorySearch.enabled: false in openclaw.json to avoid conflicts with built-in memory`

The skill asks users to change a default OpenClaw memory setting, which can affect memory behavior beyond one task.

User impactIf MemClaw is misconfigured or unavailable, disabling native memory search could change recall behavior across agents or sessions.

RecommendationBack up configuration before changing it and make sure the change is reversible if MemClaw does not work as expected.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

references/security.md

`API keys are configured through OpenClaw plugin settings and are marked as sensitive fields.`

Provider credentials are expected for LLM/embedding configuration, but they are still sensitive account access that users should manage carefully.

User impactThe plugin may rely on sensitive provider credentials, so misuse or over-broad keys could affect the user's provider account.

RecommendationUse scoped, rotatable provider keys where possible and avoid sharing configuration files that contain secrets.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

references/memory-structure.md

`user/{user_id}/... personal_info` ... `agent/{agent_id}/... instructions` ... `session/{session_id}/timeline` ... `L2: Original message`

The memory structure includes persistent storage for full session messages, user personal/profile data, and learned agent instructions.

User impactPrivate conversation details and learned instructions can persist and be reused in later tasks; incorrect or maliciously influenced memories could affect future responses.

RecommendationUse explicit session IDs, avoid storing secrets, review or delete stored memories when possible, and treat retrieved memories as untrusted context rather than authoritative instructions.