Victor Memory Hub
WarnAudited by ClawScan on May 16, 2026.
Overview
This is a disclosed memory system, but it can automatically capture, persist, sync, and reuse conversation memory across sessions with limited visible controls, so it deserves careful review before installation.
Install this only if you deliberately want a durable memory layer for your agent. Before enabling cloud sync or cron jobs, review what conversation/session data will be captured, where tokens are stored, which files may be pushed to cloud services, and how you will delete or correct unwanted memories.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private, incorrect, or poisoned conversation details could be saved and reused by the agent in later sessions.
The skill is designed to extract session logs into persistent memory stores and later inject recalled memory into future agent context. The artifacts do not clearly show granular approval, deletion, exclusion, or containment controls for sensitive or incorrect memories.
session-extract | 22:00 CST | Scan session JSONL → MemOS extractor/reranker → `.learnings/` + `memory/YYYY-MM-DD.md` (two-pass) ... before_agent_start → MemOS Cloud recall + Active Memory sub-agent + memory-core ... Layered context injected before reply
Enable only if you want persistent memory; define what should never be stored, review generated memory files regularly, and disable cloud sync or scheduled extraction for sensitive work.
A configured MemOS token and conversation hook can allow memory data to be added to or recalled from the linked MemOS service.
The optional MemOS Cloud integration uses an API token and grants the plugin access to conversation data. This fits the memory-sync purpose, but it is sensitive account and conversation authority.
"token": "your-memos-api-token" ... "addEnabled": true ... "hooks": { "allowConversationAccess": true }Use a scoped/revocable token, store it carefully, and confirm the MemOS server is one you trust before enabling the cloud plugin.
Selected memory content may leave the local machine when cloud sync is enabled.
The sync documentation shows memory content being pushed and pulled through a cloud API using bearer-token authorization. This is disclosed and purpose-aligned, but it is an external data boundary for personal memory content.
POST /api/memo ... Authorization: Bearer <token> ... "content": "# memory content\nkey facts..."
Review which files are pushed, verify the endpoint, and avoid enabling cloud sync for sensitive local-only memories.
Memory processing can keep running on a schedule and continue changing persistent memory files.
The setup guide creates recurring background automation for memory extraction. This persistence is central to the skill's purpose, but users should know it continues operating after setup.
openclaw cron add --name "auto-memory-extract" --cron "30 18,22 * * *" ... --task "python3 user_workspace/scripts/auto_memory_extract.py --mode full"
List and review installed cron jobs after setup, and remove or disable any memory jobs you do not want running automatically.
Running setup executes code downloaded from the internet and may make system-level changes for Ollama.
The setup script can download and execute the Ollama installer. This is a disclosed, user-directed setup step for the embedding backend, but it relies on a remote installer.
curl -fsSL https://ollama.com/install.sh -o /tmp/ollama-install.sh && sh /tmp/ollama-install.sh
Use `--dry-run` first, inspect the installer source if needed, and only run the setup script from a trusted copy of the skill.