Hippocortex
ReviewAudited by ClawScan on May 18, 2026.
Overview
Hippocortex is a coherent persistent-memory skill, but users should understand that it automatically sends and stores selected conversation content with a memory service.
Install this skill only if you want an agent to remember important conversation content across sessions. Treat the memory store as sensitive, protect the API key, avoid sending secrets unless retention controls are clear, and consider self-hosting if you need stronger data control.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Personal, project, or preference information shared in chats may be stored long-term and used to influence later answers.
The skill is designed to persist user/assistant conversation content and extracted facts for reuse across sessions.
Store the conversation when it contains memorable content... "messages": [{"role": "user", "content": "<user message>"}, {"role": "assistant", "content": "<your response>"}]Use this only if you want persistent memory. Avoid sharing secrets unless you understand the provider’s retention/deletion controls, and consider self-hosting for sensitive work.
Using the skill can cause routine outbound calls to the configured memory service, even when the user’s immediate request is not explicitly about memory.
The skill instructs the agent to make automatic API calls as part of normal answering.
Before answering ANY user message: Synthesize... curl -s -X POST "$BASE_URL/v1/synthesize"
Confirm the configured BASE_URL is the intended Hippocortex service and disable or avoid the skill when you do not want automatic memory lookups.
Anyone with access to the API key or workspace config could potentially access or modify memory data for that Hippocortex account/session.
The skill requires a provider API key and uses it as a bearer token for memory API calls.
export HIPPOCORTEX_API_KEY="hx_live_..."
Protect the API key, avoid committing `.hippocortex.json`, and use a scoped or revocable key if the provider supports it.
The agent may periodically contact the memory service to consolidate stored memories while the skill is active.
The skill asks for recurring memory-maintenance activity, though no daemon or hidden code is included in the artifacts.
During heartbeats: Compile Run compile once per hour to consolidate memory patterns.
Use the skill only in environments where periodic memory maintenance is acceptable, and review any platform setting that controls autonomous skill invocation.
The mismatch does not show malicious behavior, but it makes package provenance slightly less clear.
The embedded metadata version differs from the submitted registry version 2.2.2, which is a minor provenance inconsistency. No executable skill code is present.
"version": "1.0.0"
Verify the publisher and version before relying on it, especially if following the optional self-hosted setup instructions.