ClawHub
Back to skill
v2.3.0

OpenClaw Memory

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:17 AM.

Analysis

This instruction-only memory-management skill is coherent, but it relies on durable memory files, a silent compaction flush, and optional embedding-provider API keys that users should knowingly configure.

GuidanceBefore installing, be comfortable with the agent writing and searching persistent notes under the OpenClaw workspace. Review MEMORY.md, daily logs, and AGENTS.md periodically, avoid storing secrets, and only enable external embedding providers or automatic memory flush if you want those behaviors.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
Before compaction fires, OpenClaw triggers a **silent agentic turn** ... **Silent**: agent replies with `NO_REPLY` so user doesn't see it.

The documented memory-flush behavior can cause the agent to write durable notes without a visible chat response, although this is disclosed and aligned with the skill’s purpose.

User impactThe agent may persist session information during compaction without the user noticing the exact content at the time.
RecommendationIf automatic memory writes are not desired, disable or review the memoryFlush configuration and inspect daily logs after long sessions.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityInfoConfidenceMediumStatusNote
SKILL.md
`openai` — if OpenAI API key is available ... `gemini` — if Gemini API key is available ... `voyage` — if Voyage API key is available ... `mistral` — if Mistral API key is available

The skill documents optional embedding-provider selection based on available API keys. This is expected for vector search, but it means users should intentionally configure provider credentials.

User impactMemory search configuration may use third-party provider credentials if the user has configured them.
RecommendationOnly configure embedding-provider API keys you intend to use, and review the provider’s data-handling policy before sending memory content for embeddings.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
The model only "remembers" what gets written to disk — nothing stays in RAM between sessions.

The skill intentionally uses persistent disk-backed memory, so stored facts or instructions can be reused in later sessions.

User impactIncorrect, sensitive, or over-broad notes written to memory could affect future agent responses.
RecommendationPeriodically review MEMORY.md, daily logs, and AGENTS.md; avoid storing secrets or untrusted instructions as durable memory.