Memory Setup (OpenClaw)
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information placed in memory can be recalled later and may affect future agent responses.
The skill intentionally enables persistent memory that can influence future answers; this is central to the stated purpose but should be curated because stale or sensitive notes may be reused.
Set up durable memory for OpenClaw so the agent can recall prior decisions, preferences, and todos.
Keep memory files scoped and curated, avoid secrets, and periodically remove outdated or incorrect entries.
A remote-provider API key could grant access to paid or account-bound services if stored or shared carelessly.
Remote memory providers are optional and purpose-aligned, but they require provider credentials that should be handled carefully.
If using remote provider, set corresponding API key (env var or `memorySearch.remote.apiKey`).
Prefer environment variables or a protected secret store, use least-privilege keys where available, and do not commit API keys to shared repositories.
The skill appears behaviorally benign, but the publisher/package identity is not perfectly consistent across artifacts.
These _meta.json values do not match the supplied registry metadata owner ID and slug, which is a package-identity inconsistency. There is no code or install script, so this is a low-impact provenance note rather than a behavior concern.
"ownerId": "kn7536ghgpnachhadrck7hn5bs80206b", "slug": "memory-setup"
Verify that this is the intended package before installation, especially if relying on publisher identity or update provenance.