Openclaw Skills Smart Agent Memory
ReviewAudited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent local memory tool, but it deliberately persists and reuses agent memories and offers optional scheduled maintenance and skill generation that users should review.
Install this if you want a local long-term memory system for agents. Before relying on it, decide what kinds of information may be stored, avoid saving secrets or unnecessary personal data, review the memory directory periodically, add cron jobs only if you truly want background maintenance, and inspect generated skills before enabling or sharing them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive, stale, or incorrect memories could be retained locally and reused by future agents.
The skill documents persistent shared memory that agents may automatically search and encourages writing memories during a session.
所有 agent 通过 `memory_search`(OpenClaw 内置 mandatory recall)自动搜索 `memory/*.md` ... 记忆写入(有内容就写)
Only store information you want future agents to see; avoid secrets; periodically review, tag, forget, or garbage-collect memory entries.
If enabled, memory maintenance can run later without an active chat and may update, summarize, archive, or prune stored memory.
The skill recommends optional scheduled agent turns for reflection, GC, and session checks, which creates ongoing background activity if the user adds them.
Recommended Cron Jobs ... 每晚反思 ... 每周日 GC 归档 ... Agent 可用 `cron` 工具的 `add` action 直接添加以上任务
Add cron jobs only after reviewing them, check the cron list periodically, and remove or disable scheduled memory jobs you no longer want.
A poorly reviewed or poisoned lesson could be turned into a skill template that affects future agent behavior if enabled or shared.
Lesson content from memory is interpolated into a generated SKILL.md file, so stored memory can become future skill instructions.
const skillMd = `--- ... ${lesson.context} ... ${lesson.insight} ...`; ... fs.writeFileSync(path.join(outputDir, 'SKILL.md'), skillMd);Review and edit every generated SKILL.md before using it, keep generated skills low-trust, and do not extract skills from untrusted or suspicious memories.
The skill may execute whichever qmd binary is found on the local PATH during search operations.
The search helper automatically tries to run a local qmd executable if available, then falls back to built-in search.
execFileSync('qmd', ['query', query, '--limit', String(limit)], { encoding: 'utf8', timeout: 10000, ... })Use qmd only if installed from a trusted source, or remove it from PATH if you want the built-in JavaScript search fallback only.