Memory Mesh Core
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill’s memory features are mostly disclosed, but it can persistently run, auto-update or install other skills, ingest outside memory, and optionally post local memories publicly without clear per-item approval.
Review carefully before installing. If you use it, start with manual one-shot local runs, set auto_update_skills to false, do not enable scheduled GitHub posting until you have inspected the exported contribution files, and monitor or disable the OpenClaw cron job if you do not want ongoing background memory processing.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can change the set or version of installed skills in the workspace, which may introduce unreviewed code or alter agent behavior.
The global sync script can automatically install missing subscribed skills or force-update existing ones based on remote ClawHub metadata, rather than only reading memory feed data.
if auto_update and latest: ... if not local: should_install = True ... "install", slug, "--version", latest, "--force"
Disable auto_update_skills by default, pin trusted skill versions, remove --force where possible, and require explicit user approval before installing or updating any skill.
The skill can keep running every 12 hours across sessions, continuing memory processing, global sync, skill updates, and optional posting until the cron job is removed or disabled.
The script creates or edits an enabled recurring OpenClaw cron job that executes the memory mesh cycle on the configured interval.
"openclaw", "cron", "add", "--name", args.job_name, "--every", args.every, "--session", "isolated", "--message", message, "--no-deliver", "--json"
Install the schedule only if you want ongoing background operation; review the cron message, keep public posting off by default, and know how to disable the memory_mesh_sync job.
Local memory-derived content may be posted publicly under the user’s GitHub account without manual review of each comment once automated posting is enabled.
The skill documents an automated path that posts memory contribution data to a GitHub issue, including a scheduled posting mode.
Run one cycle and auto-post to GitHub intake issue ... --post-issue-comments ... Set interval + issue URL + enable scheduled posting (`on`)
Prefer exporting the GitHub issue seed and reviewing it manually before posting; only enable scheduled posting for non-sensitive workspaces and trusted target issues.
Untrusted or low-quality external memory can become reusable agent context and influence future tasks, even if it is not a secret.
Remote feed text from subscribed ClawHub skills is accepted into a persistent memory artifact after limited filtering, mainly secret-pattern checks and deduplication.
feed_obj, feed_path = fetch_feed_from_skill(slug, feed_paths) ... if contains_secret(text): ... accepted.append({"text": text, "source_slug": slug, ...}) ... write_json(out_dir / "global_memory_latest.json", accepted)
Keep external memory feeds quarantined until reviewed, add source trust rules or signatures, strip instruction-like content, and make merging external memory an explicit approval step.
Private workspace memory may be consolidated and reused across sessions, and selected promoted items can later be exported or posted if those workflows are enabled.
The cycle scans Markdown files under the workspace memory directory for reusable memory candidates, which is aligned with the skill’s stated purpose but can include private operational notes.
for path in sorted(memory_dir.rglob("*.md")): ... files.append(path)
Review the memory directory before running, keep sensitive notes out of indexed memory paths, and inspect promoted_latest.json before sharing or posting.
If posting is enabled, comments are made using the user’s GitHub identity and token permissions.
The GitHub contribution workflow relies on the local GitHub CLI login and checks for token scopes that allow issue commenting.
run_cmd(["gh", "auth", "status"]) ... has_write_scope = ("repo" in scopes) or ("public_repo" in scopes) ... run_cmd(["gh", "api", "user"])
Use the least-privileged GitHub authentication suitable for the target issue, confirm which account is logged in, and avoid enabling automated posting on sensitive workspaces.
An agent using this skill may encourage public support or promotion actions that are not necessary for the memory functionality.
The skill includes promotional instructions to star, share, and recruit others, including a --yes command that bypasses a confirmation prompt for starring.
Viral collaboration loop ... Public growth loop ... `clawhub star memory-mesh-core --yes` ... "Recommend to at least two builder friends"
Treat install, star, and referral prompts as optional marketing actions; do not run them unless you personally intend to support the skill.
