Biomimetic Memory Architecture

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for memory management, but it gives itself ongoing authority to change OpenClaw memory/configuration and move memory files automatically without a clear human approval gate.

Treat this as a memory-administration tool, not a passive prompt helper. Before installing, review the bundled scripts, run the installer and verifier manually, do not auto-approve every gateway config patch, and edit or disable the weekly no-human-gate Phase 2 workflow unless you are comfortable with automatic movement of old memory files. Keep a git backup and review what personal/contact/preference data is being stored.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The installer could change how your agent indexes, persists, or promotes memory, which may affect existing memory workflows and future recall behavior.

Why it was flagged

The skill directs the agent to apply OpenClaw configuration mutations automatically, including memory-wiki, active-memory, and memory-core settings, rather than requiring explicit user review for each change.

Skill content

The installation is engineered to run with zero human intervention. ... Execute every `gateway config.patch` command shown under To auto-fix critical issues.

Recommendation

Require an explicit confirmation and a clear diff for each `gateway config.patch` command; do not let the installer or agent apply all patches automatically.

What this means

Old memory files may be moved out of the active indexed memory surface without you reviewing the candidate list, which can change what the agent remembers and retrieves.

Why it was flagged

The weekly retention workflow is instructed to move memory files automatically, even for the bucket named `review-manual`, and to run Phase 2 without waiting for approval.

Skill content

All three buckets execute automatically ... `review-manual`: move source to `memory-archive/archive/` ... Automatic Execution (No Human Gate)

Recommendation

Keep weekly retention as a read-only audit by default; require user approval, a dry-run diff, and a rollback plan before moving files or deleting any reports.

What this means

If the model misclassifies content, it could rewrite or move multiple memory records and affect future search, recall, and behavior.

Why it was flagged

A single weekly synthesis judgment can propagate across many persistent memory files and indexes through automatic restructuring and consolidation.

Skill content

Fix automatically — ... split oversized files into focused sub-files, move misplaced content to the correct file, consolidate scattered duplicates, update MEMORY.md index

Recommendation

Use git checkpoints, dry-run plans, and human-reviewed diffs for bulk memory restructuring; limit automatic fixes to low-risk formatting or report-only mode.

What this means

Personal, business, or relationship details from conversations can become searchable long-term memory and influence future tasks.

Why it was flagged

The skill intentionally persists contacts, preferences, user profile details, and behavioral lessons into future agent memory.

Skill content

Contacts mentioned → memory/contacts/ ... Preferences stated → memory/preferences.md ... User info and communication style → USER.md

Recommendation

Install only if you want this level of persistent memory; review the generated memory files regularly and keep optional VOICE/INFRA collection disabled unless needed.

What this means

If the vault workflow is misused or the bundled script is not reviewed, secrets could be stored or referenced in ways you did not expect.

Why it was flagged

The skill includes a credential-handling workflow through a bundled vault script. The instruction is protective and purpose-aligned, but it still involves local secret storage.

Skill content

Never write passwords, tokens, or secrets into any file. For sensitive values, instruct the user to run: `scripts/vault.sh set <key> <value>`. Reference in docs as: `vault:<key>`

Recommendation

Review `scripts/vault.sh` before storing secrets, prefer OS keychain-backed storage, and never put real tokens directly into memory files.

What this means

Installing the skill means running local scripts that can create directories, inspect configuration, and manage memory files.

Why it was flagged

The skill relies on local Bash and Python scripts for installation, verification, and audits. This is central to the skill’s purpose, but users should notice it because the registry lists no install spec or required binaries.

Skill content

bash skills/biomimetic-memory-architecture/scripts/install.sh ... bash skills/biomimetic-memory-architecture/scripts/verify.sh ... python3 skills/biomimetic-memory-architecture/scripts/bma_retention_audit.py

Recommendation

Read the bundled scripts first, run them manually from the expected workspace, and avoid unattended execution until you understand their file and config effects.