Clawhub Memory Engine
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is clearly a memory tool, but it passively stores every conversation and adds persistent background behavior without clear limits or opt-out controls.
This skill is only appropriate if you deliberately want an always-on memory system. Before installing, review the external plugin and setup script, verify where memories are stored, confirm how to pause or disable capture, and make sure you can delete sensitive stored data.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive things said to the agent could be stored and later reused automatically, including information the user did not intend to save.
This shows automatic, persistent capture of all conversations, not just user-selected facts. The artifact does not describe retention, opt-out, storage boundaries, or how sensitive captured context is protected or excluded.
Two hooks passively capture every conversation. No "let me save that" — memory just happens.
Install only if you want broad persistent memory. Before use, confirm where memory is stored, how to disable capture, how to delete/export data, and whether sensitive chats can be excluded.
The memory system may continue operating in the background and may modify how the agent behaves after installation.
The setup is described as adding scheduled maintenance and patching agent instructions, which are persistent changes to the agent environment. The artifact does not explain what is patched, how cron jobs are scoped, or how to review and reverse those changes.
Setup handles: interactive core memory, legacy data migration, quality pass, maintenance crons, agent instruction patching. One command.
Review the setup script before running it, document any cron jobs or instruction changes, and make sure there is a clear disable/uninstall path.
The actual installed package may have capabilities not visible in this SKILL.md-only review.
The skill relies on an external npm plugin and setup script, but the supplied review artifacts contain no plugin code. This is an expected install pattern for a plugin-backed skill, but the code that implements the sensitive memory behavior was not available here.
openclaw plugins install @icex-labs/openclaw-memory-engine bash ~/.openclaw/extensions/memory-engine/setup.sh
Inspect the npm/GitHub package, pin a trusted version, and review setup.sh before installation.