v1.0.0

Superlative Memory Manager

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:33 AM.

Analysis

This instruction-only memory skill is coherent, but it proposes automatic, long-term semantic memory storage without clear boundaries for sensitive data, deletion, or reuse.

GuidanceBefore installing, decide whether you want this agent to automatically retain and recall conversation context over time. Review the dependent memory skills, configure short retention where possible, avoid storing secrets, and confirm you have a way to inspect and delete saved memories.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents

SeverityLowConfidenceHighStatusNote

SKILL.md

The skill works automatically once enabled. No manual intervention needed.

Automatic operation is purpose-aligned for a memory manager, but users should notice that compaction, tiering, and recall-related memory handling may occur without per-action confirmation.

User impactThe agent may manage and persist memory in the background after the skill is enabled, rather than only when explicitly invoked.

RecommendationReview the configuration before enabling and prefer settings that require confirmation for storing or promoting important memory.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

openclaw.plugin.json

"requires": { "skills": [ "cognitive-memory", "memory-tiering", "context-compactor", "memory-on-demand" ] }

The submitted skill is instruction-only and depends on other skills for actual memory behavior. Those dependencies are disclosed, but their code and permissions are outside this artifact set.

User impactThe safety of the installed system will also depend on the separate memory skills it orchestrates.

RecommendationReview the required memory skills and their permissions before enabling this unified manager.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

SKILL.md

Tiered Storage: Hot (session), Warm (LanceDB vectors), Cold (Git-notes), Archive (compressed)

The skill proposes retaining agent memory across multiple persistent stores, including vector indexes, Git notes, and archives. The artifact does not clearly define storage boundaries, exclusions for sensitive data, deletion controls, or reuse limits.

User impactPrivate conversation content, decisions, preferences, or accidental sensitive data could be stored and later recalled across tasks or sessions.

RecommendationInstall only if you are comfortable with persistent memory. Configure strict retention, review what is stored, exclude secrets and sensitive conversations, and ensure there is a clear deletion process.