Anamnesis Hub
Warn
Audited by ClawScan on May 16, 2026.
Overview
This looks like a legitimate memory system, but it deserves review because it can automatically mine conversation history, persist credential-like details, and sync memory files to a cloud service.
Install only if you want an always-on persistent memory system. Before enabling cloud sync or cron jobs, review what session data will be extracted, avoid storing secrets in chats, configure redaction/exclusions, and back up memory files before using reset commands.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Passwords, API keys, account details, or other sensitive chat content could be saved into persistent memory and later recalled by the agent.
The scheduled session extractor reads OpenClaw session logs and explicitly selects account/password/key configuration material for persistence into memory files, with no secret-redaction or approval boundary shown here.
Input: `~/.openclaw/agents/main/sessions/*.jsonl` ... Output: `memory/YYYY-MM-DD.md` ... | Technical details | error message报错 账号密码 key配置... | 0.15 |
Add explicit secret detection/redaction, exclude credential patterns by default, and require user approval before storing credential-like content.
Private memories derived from local conversations may leave the device and be stored by a cloud service.
The pipeline pushes local memory files to an external MemOS Cloud API; those files may include extracted session content, and the documented exclusions do not show redaction of secrets or sensitive categories.
Input: local Markdown files (MEMORY.md, ARCHIVE.md, memory/YYYY-MM-DD.md) ... Output: MemOS Cloud (`POST /api/memo`, incremental push)
Make cloud sync opt-in, document exactly what is uploaded, add redaction/exclusion rules, and provide a dry-run review before first push.
Users may believe sensitive memories are protected more strongly than they are and may allow secrets to be stored.
SHA-256 is a hash function, not encryption; describing sensitive information as encrypted this way can overstate the protection users receive.
- Encrypted sensitive info (SHA-256)
Replace this claim with accurate language, avoid storing secrets, and use real encryption with key-management details if sensitive data must be retained.
The cloud plugin can read conversation data and write memories under the configured MemOS account.
The optional MemOS Cloud integration uses an API token and conversation access to add and recall memories; this is expected for the stated cloud-memory feature but is sensitive authority.
"token": "your-memos-api-token" ... "hooks": { "allowConversationAccess": true } ... "addEnabled": true
Use a least-privilege token if available, understand what the plugin can access, and disable the cloud plugin if local-only memory is preferred.
Memory processing may continue automatically even when the user is not actively invoking the skill.
The skill documents scheduled background jobs that continue extracting, syncing, and maintaining memory after setup; this persistence is disclosed and purpose-aligned.
# Dreaming — daily at UTC 03:00 ... daily-memory-pipeline.sh full ... # session-extract — CST 22:00 ... session-extract.py --days 5 --cleanup
Review installed cron jobs, keep only the schedules you want, and disable automatic pipelines if you prefer manual memory updates.
A compromised download source or unexpected installer change could affect the local environment.
The manual setup path includes downloading and executing remote installer/binary content; this is common for local model setup but depends on external provenance.
curl -fsSL https://ollama.com/install.sh | sh ... curl -L -o /usr/local/bin/ollama https://github.com/intel/ollama/releases/latest/download/ollama-linux-amd64
Verify download sources, prefer pinned versions or checksums, and run setup in a controlled environment.
Running the command could permanently delete local memory files.
The static scan found a destructive reset command for the memory directory; it appears user-directed, but no confirmation gate is shown in the provided evidence.
rm -rf ~/.openclaw/workspace/memory/
Back up the memory directory first and require explicit confirmation for any reset/uninstall step that deletes memories.
