Memory Analyzer
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: memory-analyzer
Version: 1.0.0

The `analyzer.py` script and `SKILL.md` instructions are benign, performing only local text generation and printing, with no malicious intent or prompt injection. However, the `memory_analyzer_output.json` file included in the skill bundle contains sensitive personal and operational information such as a WhatsApp number, a Telegram ID, internal script names, and details about API issues. While the provided Python code does not actively exfiltrate this data, its presence in the bundle constitutes an unintentional information disclosure risk, and this operational security oversight makes the overall skill package suspicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private conversation details or mistaken interpretations could become persistent memory and influence future agent behavior across tasks.
The skill asks the agent to read conversation history and automatically persist derived information into multiple long-lived memory and behavior files, including AGENTS.md, without describing approval, scoping, retention, or rollback.
"Reads conversation history from sessions/ ... Updates memory files: MEMORY.md, AGENTS.md, USER.md, IDENTITY.md, SOUL.md"
Require explicit user approval and a visible diff before any memory write; limit which sessions and files can be read; exclude sensitive data by default; and provide rollback or deletion instructions.

Sensitive personal details could be preserved in memory files or bundled outputs and reused or exposed outside the user's intended context.
The packaged output file contains conversation-derived personal contact identifiers and user-specific routine details, showing that the memory extraction stores sensitive profile data rather than only generic preferences.
"Active on WhatsApp [phone number] and Telegram id:[id]."
Do not ship user-specific memory outputs in a public skill; redact personal identifiers; and document what sensitive fields are extracted, stored, and excluded.

The agent could silently add rules or preferences that affect later work, even if the extracted insight is wrong or came from an untrusted conversation segment.
Automatic mutation of memory files, especially AGENTS.md, is a high-impact action because it can change future agent behavior, but the artifact does not require user confirmation or constrain what updates are allowed.
"Automatically updates relevant memory files with new insights."
Make memory updates user-directed, show proposed changes before writing, and separate harmless user preferences from agent operating rules.

Future Google Workspace actions could use broader delegated credentials than the user expects.
The suggested memory update would steer future agent behavior toward service-account-based Google Workspace access, but the artifacts do not define which account, scopes, approval process, or boundaries apply.
"Codify the requirement to use Python + Service Account as primary fallback for Google Workspace tasks due to GOG OAuth stability issues."
Do not automatically add credential-use rules to AGENTS.md; require explicit administrator approval and document service-account scopes and intended tasks.

A user may trust the skill to perform real memory analysis or safe updates when the included code does not implement those controls.
The script does not actually read sessions or update memory files; it prints hardcoded notes, while SKILL.md claims automatic analysis and updates. This mismatch can mislead users about what the skill really does.
"Read from sessions_list output (simulated) ... In real usage, would parse session transcripts"
Clearly label the script as a demo/sample, or implement the documented behavior with transparent safeguards and tests.
