Autobiographical Memory
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: autobiographical-memory Version: 1.0.0 The 'autobiographical-memory' skill is a well-structured system for managing an AI agent's long-term memory through local Markdown files. The included Python scripts (scripts/consolidate.py and scripts/stats.py) are simple utilities for scanning daily notes and generating statistics, using only standard libraries and local file access within the expected workspace. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Personal details, preferences, relationship context, and project history may be stored locally and later influence the agent's answers.
The skill intentionally creates persistent memories containing personal, project, and identity-related context that may be reused in later sessions.
Structured personal memory system that enables agents to persist, consolidate, and recall episodic and semantic memories across sessions... MEMORY.md | Curated knowledge: user preferences, facts, lessons, identity
Review MEMORY.md and daily notes periodically, avoid storing secrets, and ask the agent not to remember sensitive information you do not want persisted.
The agent may change or delete saved memories during maintenance, which could affect future recall.
The consolidation workflow authorizes local mutation of the persistent memory file, including removing or archiving entries.
Read MEMORY.md for stale entries → remove or archive 5. Write updated MEMORY.md
Review proposed memory changes before accepting them, especially removals, and consider keeping version history or backups for memory files.
If you choose to run the helper script, you may not be relying on a fully readable source excerpt from this review.
The displayed helper-script artifact appears neutralized/incomplete around a removed hidden-comment-like block, limiting review of that script from the provided text. The script is optional and not auto-run, so this is a reviewability note rather than a malicious indicator.
"hiddenCommentBlocksRemoved": 1 ... if not line or line.startswith("#") or line.startswith("Inspect the installed local scripts directly before executing them, and run them only on memory directories you intend to analyze.