SQ Memory
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is a disclosed persistent-memory connector, but it needs review because it can store and share sensitive memories, lists more memory than requested, and puts stored text into request URLs.
Install only if you are comfortable giving the agent persistent memory. Prefer a local or HTTPS SQ endpoint, avoid storing passwords or highly sensitive conversation details, use distinct namespaces, review/delete memories regularly, and consider patching list_memories and the GET-based write path before relying on it for private data.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may store user details and rely on stored memory without a fresh prompt each time.
The skill asks the user to add behavior-changing instructions that make memory use automatic. This is expected for a memory skill, but it affects the agent's priorities.
Add to your agent's system prompt: ... When users mention preferences, remember them. When answering questions, check memory first.
Add these instructions only after tailoring them with rules for consent, sensitive data, and when memory should not be trusted.
An agent trying to list one category of memory may see unrelated memory coordinates and may then act on or retrieve entries outside the user's intended scope.
The prefix is computed but not used in the API request or returned-data filtering, so the tool can return all table-of-contents entries for the configured phext/namespace instead of only the requested prefix.
async list_memories(prefix) { ... const response = await this._request('GET', `/api/v2/toc?p=${encodeURIComponent(this.phext)}`); ... return lines; }
Patch list_memories to pass or enforce the prefix, or document it as a full-memory listing and require user confirmation before broad enumeration.
If memories contain private conversation history, preferences, or secrets, those values can appear in URLs and may be captured by endpoint, proxy, or access logs.
The text being stored is placed directly into a GET query string when writing memory to the SQ endpoint.
const s = encodeURIComponent(text); await this._request('GET', `/api/v2/update?p=${encodeURIComponent(this.phext)}&c=${encoded}&s=${s}`);
Use a POST request body over HTTPS for memory writes, and avoid storing secrets or highly sensitive data until this handling is corrected.
Anyone with the API key may be able to access or modify the associated SQ memory store, depending on the provider's controls.
The skill supports an optional SQ Cloud API key and correctly marks it as secret in the skill manifest.
"api_key": { "description": "SQ Cloud API key (leave empty for self-hosted)", "required": false, "secret": true }
Use HTTPS, keep the key out of logs, rotate it if exposed, and prefer the least-privileged or self-hosted configuration when possible.
Old, incorrect, or sensitive memories can influence future sessions, and private information may remain available until explicitly deleted.
The skill intentionally creates long-lived agent memory and encourages storing conversation history for reuse after context is cleared.
Text persists forever (or until you delete it) ... Store conversation history beyond context limits
Define what may be remembered, avoid secrets, periodically review/delete memories, and treat recalled content as context to verify rather than unquestioned truth.
Agents sharing a namespace could mistake another writer's data for trusted tasks or messages.
The multi-agent example stores messages and tasks in shared memory using caller-provided agent names, without showing identity verification or message provenance checks.
async function sendMessage(fromAgent, toAgent, message) { ... await remember(coordinate, JSON.stringify({ from: fromAgent, to: toAgent, message: message, ... })) }
Use separate namespaces by default, add authentication or signatures for shared messages, and require agents to validate the origin and intent of shared memory before acting.
