Dream

Warn

Audited by ClawScan on May 10, 2026.

Overview

Dream is a coherent memory-management skill, but it permanently archives personal memory, can silently re-add forgotten items, and includes a broad file-write helper that users should review before installing.

Review this carefully before installing. It does not show clear exfiltration or malware, but it is designed to keep a permanent memory archive and run silently on a schedule. Install only if you are comfortable with that retention model, keep the vault in a private location, and consider disabling the schedule or asking for true deletion, confirmation, and path-scope protections.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Information you thought was forgotten may remain archived forever and later return to active memory shown to the agent.

Why it was flagged

The skill persists personal memory, injects it into future conversations, keeps an undeletable archive, and can reintroduce removed memories.

Skill content

MEMORY.md ← updated each distillation, fully injected into context each conversation ... ledger.md ← permanent archive, append-only, never deleted ... rewrite that entry to MEMORY.md with a [re-emerged] tag

Recommendation

Install only if you want permanent memory. Prefer an explicit delete/purge command, retention controls, and confirmation before re-emergence restores memories.

What this means

A mistaken or manipulated invocation could overwrite local files outside the intended memory vault.

Why it was flagged

The atomic-write helper can replace any path provided as the target; it does not restrict writes to DREAM_VAULT_PATH or the OpenClaw workspace.

Skill content

cmd_atomic_write() ... local target="${1:-}" ... For MEMORY.md targets, also enforces character count; other files only check existence ... ensure_dir "$target" ... mv "$tmpfile" "$target"

Recommendation

Constrain target paths with realpath checks to the workspace or Dream vault, and require user confirmation for writes outside those directories.

What this means

Your memory files may change overnight without a visible notification.

Why it was flagged

The scheduled autonomous behavior is disclosed and fits the proactive-memory purpose, but it still changes persistent memory without interrupting the user.

Skill content

dream review — Daily Distillation ... Fully automatic, runs silently (no messages pushed when triggered at 03:30).

Recommendation

Use the schedule only if desired, and consider enabling logs or requiring review before persistent memory changes are applied.

What this means

Installation may behave differently than the registry summary suggests, and missing dependencies may cause failed or partial operation.

Why it was flagged

The skill declares dependencies and configuration in SKILL.md, but the provided registry metadata says no required binaries, env vars, or install spec.

Skill content

requires: bins: - jq - wc ... config: - DREAM_VAULT_PATH ... install: - kind: brew formula: jq

Recommendation

Update registry metadata to match the skill requirements and document all required commands, config paths, and initialization steps.

What this means

Users may trust the skill to be more contained than the script actually enforces.

Why it was flagged

This safety claim is overbroad because the included atomic-write helper accepts an arbitrary target path and does not enforce that scope.

Skill content

All file operations are strictly scoped to DREAM_VAULT_PATH and the OpenClaw workspace

Recommendation

Either enforce the documented path boundaries in code or revise the security claim to describe the actual limits.