ClawHub
Back to skill
v0.1.1

Conversation Saver

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:22 AM.

Analysis

This is a coherent local memory tool, but it silently scans conversations and can persist extracted text into future agent memory and instruction files, so it needs careful review before installation.

GuidanceInstall only if you want automatic local long-term memory. Before enabling hooks, run dry-runs, review what it would write, turn on backups, and consider disabling writes to TOOLS.md/AGENTS.md unless each rule is manually approved.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityHighConfidenceHighStatusConcern
scripts/persister.py
path = Path("/home/admin/.openclaw/workspace/TOOLS.md")
entry = f"\n> **[{datetime.now().date()}]** {fact['content']}"
with open(path, "a", encoding="utf-8") as f:
    f.write(entry)

Extracted conversation content can be appended directly into TOOLS.md, a persistent high-trust file likely to influence future agent tool behavior and instructions.

User impactA conversation line that is misclassified as a rule could become a lasting instruction for later agent sessions.
RecommendationRequire explicit user review before writing to TOOLS.md or AGENTS.md, store such items as quoted untrusted notes instead of instructions, and audit any existing appended rules.
Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
scripts/persister.py
elif target == "warm_memory":
    append_to_warm_memory(fact, verify=config["persistence"]["verify_after_write"])
elif target == "user_md":
    update_user_md(fact, verify=config["persistence"]["verify_after_write"])
elif target == "memory_md":
    append_to_memory(fact, verify=config["persistence"]["verify_after_write"])
elif target == "tools_md":
    append_to_tools(fact, verify=config["persistence"]["verify_after_write"])

The persistence path can mutate several durable workspace files based on extracted message content, without an approval gate in the write flow.

User impactIncorrect extraction or maliciously phrased conversation text could be written into local memory/profile/tool files and affect future work.
RecommendationMake dry-run and user approval the default for writes, limit writable targets, enforce a maximum number of facts, and keep backups before modifying memory or instruction files.
Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
- **On Session End**: Automatically run after each conversation (requires AGENTS.md hook)
- **Heartbeat Backfill**: Scan recent days for missed conversations (configurable)

The background/session-end behavior is disclosed and purpose-aligned, but it creates ongoing autonomous processing after normal conversations.

User impactIf enabled, the skill may repeatedly scan recent conversations and update memory without the user invoking it each time.
RecommendationEnable the AGENTS.md hook or heartbeat only if you want ongoing automatic memory updates, and keep the scan window narrowly configured.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Automatically extracts key facts from your conversations and persists them to the appropriate local memory files (WARM_MEMORY.md, MEMORY.md, ontology, USER.md). Works silently in the background without interrupting the user flow.

Private conversation content is automatically transformed into persistent memory that can be reused in future contexts, with no per-fact confirmation described.

User impactPersonal details, preferences, schedules, or mistaken facts may be saved and later surfaced to the agent even if the user did not intend long-term retention.
RecommendationUse manual dry-runs first, add retention/deletion controls and exclusions, require confirmation for sensitive categories, and clearly separate raw facts from trusted instructions.