Memory Setup (OpenClaw)
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: memory-setup-openclaw Version: 1.0.0 The skill bundle provides instructions for configuring and validating OpenClaw's memory recall feature. The `SKILL.md` file details how to set up memory files, configure memory search settings (including API keys for remote providers), and verify functionality. While it includes instructions for the AI agent on how to prioritize `memory_search` and `memory_get` tools, these are aligned with the skill's stated purpose of improving memory recall and do not constitute malicious prompt injection. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, or other harmful behaviors.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information placed in memory can be recalled later and may affect future agent responses.
The skill intentionally enables persistent memory that can influence future answers; this is central to the stated purpose but should be curated because stale or sensitive notes may be reused.
Set up durable memory for OpenClaw so the agent can recall prior decisions, preferences, and todos.
Keep memory files scoped and curated, avoid secrets, and periodically remove outdated or incorrect entries.
A remote-provider API key could grant access to paid or account-bound services if stored or shared carelessly.
Remote memory providers are optional and purpose-aligned, but they require provider credentials that should be handled carefully.
If using remote provider, set corresponding API key (env var or `memorySearch.remote.apiKey`).
Prefer environment variables or a protected secret store, use least-privilege keys where available, and do not commit API keys to shared repositories.
The skill appears behaviorally benign, but the publisher/package identity is not perfectly consistent across artifacts.
These _meta.json values do not match the supplied registry metadata owner ID and slug, which is a package-identity inconsistency. There is no code or install script, so this is a low-impact provenance note rather than a behavior concern.
"ownerId": "kn7536ghgpnachhadrck7hn5bs80206b", "slug": "memory-setup"
Verify that this is the intended package before installation, especially if relying on publisher identity or update provenance.