Memory V2
Security checks across malware telemetry and agentic risk
Overview
This appears to be a real memory/search skill, but it persists user content, its maintenance pass can bulk-change stored memories, and its ID-based get/delete/update paths are not safely scoped.
Review this before installing if the memory store may contain sensitive data. Use a controlled database path, avoid saving secrets, back up memories before enabling maintenance, verify the optional LLM privacy boundary, and ask the maintainer to fix ID escaping/validation for get/delete/update operations.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or malicious memory ID could cause the skill to retrieve, delete, or update the wrong stored memories.
The caller-controlled memory ID is inserted directly into LanceDB query/delete expressions. If LanceDB treats the string as an expression, a quoted or operator-containing ID could broaden reads, deletes, or updateMemory operations beyond the intended single memory.
.filter(`id = '${id}'`) ... await this.collection.delete(`id = '${id}'`);
Validate memory IDs against a strict safe pattern and use parameterized or escaped filters for get/delete/update operations; require confirmation for destructive actions.
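To make the recommendation concrete, here is an added example (not code from the Memory V2 skill) of a strict ID gate and a quoting routine placed in front of the `id = '...'` filter quoted above, together with a toy evaluator that shows how far an unvalidated ID reaches. It assumes memory IDs are opaque tokens (UUID- or slug-like) and that the filter language treats single-quoted strings as literals with an embedded quote escaped by doubling it (SQL-style); both assumptions should be checked against the LanceDB version the skill pins.

```javascript
// Added example, not code from the Memory V2 skill. Assumptions: memory IDs
// are opaque tokens, and the filter language uses SQL-style single-quoted
// literals (quote escaped by doubling). Verify against the LanceDB in use.

const SAFE_ID = /^[A-Za-z0-9_-]{1,64}$/;

function assertSafeId(id) {
  if (typeof id !== 'string' || !SAFE_ID.test(id)) {
    throw new Error(`rejected memory id: ${JSON.stringify(id)}`);
  }
  return id;
}

// Defense in depth: quote even a validated ID, so a later relaxation of
// SAFE_ID cannot silently reopen the expression injection.
function quoteLiteral(s) {
  return `'${s.replace(/'/g, "''")}'`;
}

function idFilter(id) {
  return `id = ${quoteLiteral(assertSafeId(id))}`;
}

// The construction from the finding, reproduced only to show what a crafted
// ID turns it into. Never use this form.
function unsafeIdFilter(id) {
  return `id = '${id}'`;
}

// Toy stand-in for the database's expression evaluator. It understands only
// `id = '<lit>'`, `id != '<lit>'` and OR, which is enough to show the blast
// radius; a real engine accepts far more.
function matches(filter, row) {
  return filter.split(/\s+OR\s+/i).some((clause) => {
    const m = /^id\s*(=|!=)\s*'((?:[^']|'')*)'$/.exec(clause.trim());
    if (!m) throw new Error(`toy evaluator cannot parse: ${clause}`);
    const lit = m[2].replace(/''/g, "'");
    return m[1] === '=' ? row.id === lit : row.id !== lit;
  });
}

function matchingIds(filter, store) {
  return store.filter((row) => matches(filter, row)).map((row) => row.id);
}

// Destructive path: validated filter plus an explicit confirmation flag.
// Returns the number of rows removed from the in-memory store.
function deleteById(store, id, { confirmed = false } = {}) {
  const filter = idFilter(id); // throws before anything touches the store
  if (!confirmed) {
    throw new Error(`refusing destructive delete without confirmation: ${filter}`);
  }
  const keep = store.filter((row) => !matches(filter, row));
  const removed = store.length - keep.length;
  store.splice(0, store.length, ...keep);
  return removed;
}

// Constructed sample store standing in for the LanceDB collection.
function sampleStore() {
  return [
    { id: 'mem_a1', content: 'meeting moved to Thursday' },
    { id: 'mem_b2', content: 'user prefers dark mode' },
    { id: 'mem_c3', content: 'staging DB host is db-stg-01' },
  ];
}

// Constructed attacker-controlled ID: closes the literal and appends a clause.
const CRAFTED_ID = "x' OR id != 'y";

// unsafeIdFilter(CRAFTED_ID) yields  id = 'x' OR id != 'y'  which the toy
// evaluator matches against all three rows; idFilter(CRAFTED_ID) throws.
```

The point of the toy evaluator is the blast radius: with the unvalidated construction, a single crafted ID selects every row, so the `delete` and `updateMemory` paths in the finding would hit the whole store, whereas the gated path rejects the ID before any expression is built.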
If maintenance is enabled automatically or configured poorly, many stored memories could be archived or lose detail at once.
Maintenance can evaluate up to 10,000 memories and then update low-priority entries, including replacing content with a summary when an LLM is configured and marking records archived.
const allMemories = await this.vectorStore.search('', 10000); ... await this.vectorStore.updateMemory(memory.id, { content: summary, ... }); ... status: 'archived'
Run maintenance manually at first, keep backups, add a dry-run mode, and make compression/archiving thresholds explicit before scheduling it.
Private information saved as memory may remain available in later sessions, and poisoned or instruction-like memory content could influence future agent behavior if trusted blindly.
The skill persistently stores user-provided memory content, metadata, and embeddings for later semantic search and reuse.
await this.collection.add([{ id, vector: Array.from(embedding), content, metadata: { ... } }]);
Only store information intended for long-term recall, avoid secrets, isolate the database path, and treat retrieved memories as untrusted context unless verified.
If the configured LLM is remote, memory contents may leave the local machine during maintenance summarization.
When an optional LLM interface is configured, memory content is included in a summarization prompt sent to that LLM interface.
const prompt = `请用一句话总结以下内容,保留核心信息:\n\n${content}`; const response = await this.llm.generate(prompt); (the prompt text reads: "Summarize the following in one sentence, keeping the core information:")
Use a trusted/private LLM for summarization, disclose this data flow to users, and allow users to disable LLM-based compression.
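The two maintenance recommendations (dry run, backups and explicit thresholds; an LLM privacy boundary the user can disable) fit in one routine. The following is an added example, not code from the Memory V2 skill: it plans the batch first, writes nothing by default, snapshots the store before any write, and refuses to send memory content to an LLM that is not marked local unless the operator opts in. It assumes memories carry `priority`, `lastAccessed` (ms epoch) and `status` fields and that the LLM interface is a synchronous `generate(prompt)` with a `local` flag set by whoever configures it; none of that is confirmed by the skill's sources.

```javascript
// Added example, not code from the Memory V2 skill. Assumptions: memories
// have `priority`, `lastAccessed` (ms epoch) and `status`; the LLM interface
// is a synchronous generate(prompt) plus a `local` flag set at configuration.

const DAY_MS = 24 * 60 * 60 * 1000;
const NOW = 1700000000000; // constructed fixed clock so the example is deterministic

const DEFAULT_POLICY = {
  maxBatch: 10000,            // mirrors the skill's search('', 10000) window
  lowPriority: 0.2,           // strictly below this is a candidate
  staleAfterMs: 90 * DAY_MS,  // and not accessed for this long
  summarize: false,           // LLM compression is opt-in
  allowRemoteLLM: false,      // and a non-local LLM needs a second opt-in
  llm: null,
  dryRun: true,               // plan only; nothing is written
};

function planMaintenance(memories, policy = {}, now = NOW) {
  const p = { ...DEFAULT_POLICY, ...policy };
  if (p.summarize && !p.llm) {
    throw new Error('summarize requested but no LLM interface configured');
  }
  if (p.summarize && !p.llm.local && !p.allowRemoteLLM) {
    throw new Error('refusing to send memory content to a remote LLM; set allowRemoteLLM to opt in');
  }
  const plan = { summarize: [], archive: [], skip: [] };
  for (const m of memories.slice(0, p.maxBatch)) {
    const candidate =
      m.status !== 'archived' &&
      m.priority < p.lowPriority &&
      now - m.lastAccessed >= p.staleAfterMs;
    if (!candidate) { plan.skip.push(m.id); continue; }
    if (p.summarize) plan.summarize.push(m.id);
    plan.archive.push(m.id);
  }
  return plan;
}

// Applies the plan in place unless dryRun; returns the plan and, when applied,
// a snapshot taken before any write so the batch can be reverted.
function runMaintenance(store, policy = {}, now = NOW) {
  const p = { ...DEFAULT_POLICY, ...policy };
  const plan = planMaintenance(store, p, now);
  if (p.dryRun) return { plan, applied: false, backup: null };
  const backup = store.map((m) => ({ ...m }));
  const byId = new Map(store.map((m) => [m.id, m]));
  for (const id of plan.summarize) {
    const m = byId.get(id);
    // English rendering of the skill's summarization prompt
    m.content = p.llm.generate(
      `Summarize the following in one sentence, keeping the core information:\n\n${m.content}`
    );
  }
  for (const id of plan.archive) byId.get(id).status = 'archived';
  return { plan, applied: true, backup };
}

// Constructed sample memories: only m2 is low priority, stale and not yet archived.
function sampleMemories() {
  return [
    { id: 'm1', priority: 0.9,  lastAccessed: NOW - 1 * DAY_MS,   status: 'active',   content: 'Project deadline is Friday' },
    { id: 'm2', priority: 0.1,  lastAccessed: NOW - 200 * DAY_MS, status: 'active',   content: 'Tried the cafe on 5th street; coffee was decent, service slow' },
    { id: 'm3', priority: 0.1,  lastAccessed: NOW - 1 * DAY_MS,   status: 'active',   content: 'User prefers dark mode' },
    { id: 'm4', priority: 0.05, lastAccessed: NOW - 400 * DAY_MS, status: 'archived', content: 'old note' },
  ];
}
```

Run `runMaintenance(sampleMemories())` with no policy to see the plan (archive m2, summarize nothing) without any write; only `{ dryRun: false, summarize: true, llm: { local: true, generate } }` both compresses and archives, and the returned `backup` holds the pre-change records.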
Installation and first use depend on third-party packages and downloaded ML models.
The skill relies on npm-installed packages and first-run model downloads, which are disclosed and aligned with the embedding/NER purpose but add external supply-chain dependencies.
npm install ... First run: models (~500MB) are downloaded automatically; a network connection is required
Install from a trusted source, review package-lock/dependencies, and pin or mirror models if operating in a sensitive environment.
