sense-memory

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherently a Nostr-backed encrypted memory tool, but users should notice that it needs sensitive Nostr keys and creates durable memories on external relays.

This appears purpose-aligned rather than malicious. Before installing, decide what the agent is allowed to remember, use a dedicated Nostr identity, protect the private key/passphrase, choose a relay you trust, and remember that append-only journal entries may be difficult to remove from external relays.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may retain information long after a conversation ends, and that retained context could affect future responses.

Why it was flagged

The skill intentionally creates persistent memory that can be reused across conversations and may contain sensitive user or session context.

Skill content

This skill gives you memory — the ability to remember things between conversations, keep a private journal... Journal entries ... are append-only ... observations, session logs, insights

Recommendation

Use this only if you want persistent agent memory. Set clear rules for what may be remembered, avoid storing secrets, and periodically review or delete memories where possible.

What this means

Anyone who obtains these credentials could impersonate the Nostr identity and potentially decrypt or modify associated memories.

Why it was flagged

The skill needs access to a Nostr identity passphrase or private key so it can sign and encrypt memory events.

Skill content

"NOSTRKEY_PASSPHRASE": { "description": "Passphrase to decrypt the agent's identity file for signing and encrypting memories", "required": true, "sensitive": true }, "NOSTR_NSEC": { "description": "Agent's Nostr private key...", "sensitive": true }

Recommendation

Protect the passphrase and nsec/private key carefully, use a dedicated identity for this skill, and do not expose these values in logs or shared environments.

What this means

The installed package or a future dependency version handles sensitive memory and key material, so package provenance matters.

Why it was flagged

The runnable implementation is installed from external Python packages, and the dependency is specified as a version range rather than a fully pinned lockfile.

Skill content

"install": { "pip": "sense-memory" }, "dependencies": [ "nostrkey>=0.1.1" ]

Recommendation

Install from trusted sources, consider pinning package versions, and review the package repository before using it with real private keys or sensitive memories.