claudemem — Persistent Agent Memory & Notes

Review

Audited by ClawScan on May 10, 2026.

Overview

The memory features are mostly disclosed and purpose-aligned, but installation fetches unpinned external executable code and the skill automatically persists conversation details across sessions.

Install only if you are comfortable trusting the external GitHub release process for the claudemem CLI. After installation, review what it saves, avoid storing secrets or credentials, and delete or export memory data as needed.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The installed program could change independently of the reviewed skill package, so users are trusting external release artifacts at install time.

Why it was flagged

The installer fetches an unpinned latest executable or builds the latest repo version, with no checksum or reviewed source bundled in the skill.

Skill content

GITHUB_RELEASES="https://github.com/${REPO}/releases/latest/download" ... curl -fsSL -o "${INSTALL_DIR}/claudemem" "${DOWNLOAD_URL}" ... go install "github.com/${REPO}@latest"

Recommendation

Prefer a pinned release with checksum/signature verification, or review the upstream source and exact release before installing.

What this means

Useful context, project details, preferences, or configuration information may be saved and later influence the agent's responses.

Why it was flagged

The skill intentionally persists conversation context and reuses it in later tasks, which is expected for a memory skill but sensitive.

Skill content

Automatically capture knowledge **without asking** during normal conversation ... Search memory at the start of tasks ... Search silently.

Recommendation

Avoid letting it save secrets or temporary sensitive data, periodically review/delete stored notes, and treat recalled memories as context rather than authoritative instructions.