OpenClaw Memory
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only memory-management skill is coherent, but it relies on durable memory files, a silent compaction flush, and optional embedding-provider API keys that users should knowingly configure.
Before installing, be comfortable with the agent writing and searching persistent notes under the OpenClaw workspace. Review MEMORY.md, daily logs, and AGENTS.md periodically, avoid storing secrets, and only enable external embedding providers or automatic memory flush if you want those behaviors.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Incorrect, sensitive, or over-broad notes written to memory could affect future agent responses.
The skill intentionally uses persistent disk-backed memory, so stored facts or instructions can be reused in later sessions.
The model only "remembers" what gets written to disk — nothing stays in RAM between sessions.
Periodically review MEMORY.md, daily logs, and AGENTS.md; avoid storing secrets or untrusted instructions as durable memory.
The agent may persist session information during compaction without the user noticing the exact content at the time.
The documented memory-flush behavior can cause the agent to write durable notes without a visible chat response, although this is disclosed and aligned with the skill’s purpose.
Before compaction fires, OpenClaw triggers a **silent agentic turn** ... **Silent**: agent replies with `NO_REPLY` so user doesn't see it.
If automatic memory writes are not desired, disable or review the memoryFlush configuration and inspect daily logs after long sessions.
Memory search configuration may use third-party provider credentials if the user has configured them.
The skill documents optional embedding-provider selection based on available API keys. This is expected for vector search, but it means users should intentionally configure provider credentials.
`openai` — if OpenAI API key is available ... `gemini` — if Gemini API key is available ... `voyage` — if Voyage API key is available ... `mistral` — if Mistral API key is available
Only configure embedding-provider API keys you intend to use, and review the provider’s data-handling policy before sending memory content for embeddings.