Agent Memory Local
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly does local memory search, but it can automatically use an external SiliconFlow rerank service with undeclared or generic API keys, which may expose local memory content outside the workspace.
Install only if you are comfortable with a local .memory-index copy of your memory files. Before using it, consider setting MEMORY_RERANK=0, avoid generic API_KEY in the environment, and review memory files for secrets or unsafe instructions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A read-style memory query may update files under .memory-index without a separate manual build step.
Queries or doctor checks can automatically run the bundled build_index.py script to refresh the local index. This is disclosed and scoped to the workspace, but it is still automatic local execution and file mutation.
AUTO_REBUILD_DEFAULT = True ... proc = subprocess.run([*python_cmd(), str(BUILD_SCRIPT)], cwd=str(WORKSPACE), capture_output=True, text=True, timeout=AUTO_REBUILD_TIMEOUT, check=True)
If you want query-only behavior, set MEMORY_AUTO_REBUILD=0 and rebuild the index manually when needed.
If your environment has a generic API_KEY for another purpose, the skill may try to use it for SiliconFlow reranking unexpectedly.
The skill reads an undeclared SiliconFlow key and also a broad generic API_KEY. Registry metadata says no env vars or primary credential are required, so credential scope and user intent are unclear.
def load_siliconflow_key() -> str | None:
    for env_name in ('SILICONFLOW_API_KEY', 'API_KEY'):
        val = os.environ.get(env_name)
Use only a clearly named SILICONFLOW_API_KEY for this skill, avoid relying on generic API_KEY, and update the metadata/docs to declare the optional credential.
Snippets or candidate text from local memory files may be sent to an external reranking provider when a key is available.
The local memory retriever has a remote provider rerank path that is enabled by default when an API key is present. Because the skill retrieves local memory candidates, this creates an outbound data flow that is not fully local.
Optional SiliconFlow rerank enhancement (default on when API key is available) ... RERANK_URL = 'https://api.siliconflow.cn/v1/rerank' ... RERANK_ENABLED_DEFAULT = True
Disable reranking with MEMORY_RERANK=0 unless you explicitly want external rerank, and document exactly what text is sent to SiliconFlow.
Sensitive facts, credentials accidentally written to memory files, or unsafe instructions in memory can persist in .memory-index and be reused in later answers.
The local index stores raw memory chunk text, not just vectors. This is expected for explainable retrieval, but it creates a persistent copy of memory content.
rec = {
    'id': c.chunk_id,
    'file': c.file,
    'title': c.title,
    'text': c.text,
    'vector': normalize(vec),
}
out.write(json.dumps(rec, ensure_ascii=False) + '\n')
Audit MEMORY.md, memory/*.md, and .memory-index; do not store secrets there, and treat retrieved memory as evidence to verify rather than instructions to obey.
