Openclawdy
PassAudited by ClawScan on May 1, 2026.
Overview
OpenClawdy is a clearly disclosed third-party persistent memory service for agents, but users should understand that it stores and may share agent memories outside the local environment.
Install this only if you are comfortable with your agent sending selected facts, preferences, decisions, and learnings to OpenClawdy for persistent storage. Avoid storing secrets or highly sensitive personal data, use a dedicated wallet for authentication, treat pool identifiers as sensitive, and review/delete stored memories when they are no longer needed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information saved to memory may influence later agent behavior and may persist until the user explicitly deletes it.
The skill is designed to persist and later reuse agent memory, which is purpose-aligned but can retain sensitive, stale, or incorrect context across future tasks.
Give your agent persistent memory that survives sessions. Store facts, preferences, decisions, and learnings - recall them semantically whenever needed.
Store only information you are comfortable retaining in a third-party memory service, periodically review/export/delete memories, and verify recalled memories before relying on them for important decisions.
Memories placed in a pool may be available to other agents with the pool identifier and may influence their behavior.
The skill supports shared memory pools across agents, and the visible access boundary is possession of a pool_id.
Advanced features include reputation tracking, cross-agent memory pools, and time-travel snapshots. ... Pool Access | Only agents with pool_id can access pool data
Use shared pools only for intended collaboration, treat pool_id values as sensitive, and avoid placing secrets or private user data in shared pools.
The service can associate stored memories with a wallet address, and the agent must have signing capability for that wallet.
The skill requires wallet-based identity proof by signing messages, which is expected for its authentication model and is disclosed as not requiring private-key access.
OpenClawdy uses wallet-based authentication with message signing only. ... X-Agent-Address ... X-Agent-Signature ... X-Agent-Timestamp
Use a dedicated agent wallet when possible, confirm the signed message format, and avoid using a wallet that controls valuable assets if it is not necessary.
If invoked accidentally, the agent could permanently delete all memories in the OpenClawdy vault.
The skill exposes a destructive vault-clearing operation, but it is directly related to memory management and is clearly warned as irreversible.
memory_clear ... Clear all memories in the vault. **Use with caution - this is irreversible.**
Require explicit confirmation before clearing a vault and prefer targeted deletion when possible.