better-memory Security Report — Trusted | ClawSafe

5 /100

better-memory

One-shot smart installation and ongoing maintenance for a native OpenClaw memory stack with L1 daily logs, L2 sidecar summaries, and L3 weekly rollups

This is a legitimate memory management skill that operates strictly within declared filesystem boundaries, uses no shell execution, makes no network requests, and accesses no sensitive credentials.

Skill Namebetter-memory

Duration45.2s

Enginepi

✓

Safe to install

This skill is safe to use. No security concerns identified.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	All scripts use Path.write_text/read_text within workspace scope
Shell	`NONE`	`NONE`	—	No subprocess calls found in any script
Network	`NONE`	`NONE`	—	No network requests in any script
Environment	`NONE`	`NONE`	—	No environment variable access for sensitive data
Skill Invoke	`NONE`	`NONE`	—	No cross-skill invocation detected
Database	`NONE`	`NONE`	—	No database access
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation

File Tree

16 files · 80.8 KB · 2240 lines

Python 13f · 2066L Markdown 2f · 170L YAML 1f · 4L

├─ ▾ 📁 agents

│ └─ 📋 openai.yaml YAML 4L · 252 B

├─ ▾ 📁 references

│ └─ 📝 memory-schema.md Markdown 97L · 2.7 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 apply_monthly_cleanup.py Python 205L · 7.2 KB

│ ├─ 🐍 bootstrap_memory.py Python 379L · 13.7 KB

│ ├─ 🐍 capture_memory.py Python 119L · 3.9 KB

│ ├─ 🐍 emit_cron_template.py Python 73L · 2.6 KB

│ ├─ 🐍 install_heartbeat_memory_os.py Python 79L · 3.1 KB

│ ├─ 🐍 memory_os_common.py Python 102L · 3.5 KB

│ ├─ 🐍 promote_legacy_memory.py Python 151L · 6.0 KB

│ ├─ 🐍 refine_memory.py Python 710L · 25.4 KB

│ ├─ 🐍 run_daily_review.py Python 48L · 1.8 KB

│ ├─ 🐍 run_monthly_review.py Python 30L · 1004 B

│ ├─ 🐍 run_weekly_rollup.py Python 29L · 863 B

│ ├─ 🐍 smart_install.py Python 75L · 3.4 KB

│ └─ 🐍 uninstall_memory_os.py Python 66L · 2.1 KB

└─ 📝 SKILL.md Markdown 73L · 3.3 KB

Security Positives

✓ All filesystem writes scoped to workspace, memory/, and .openclaw-memory-os/

✓ No subprocess or shell execution - pure Python pathlib operations

✓ No network requests or external communications

✓ No credential harvesting or sensitive file access (~/.ssh, ~/.aws, .env)

✓ No code obfuscation, base64 encoding, or eval usage

✓ Comprehensive input validation on CLI arguments (time format, day validation)

✓ Monthly cleanup requires explicit user approval before applying changes

✓ Migration policy preserves existing memory - no destructive auto-import

✓ Cron templates are generated as text files, not auto-installed

✓ Documentation accurately describes all implemented functionality

Scan Report

File Tree

Security Positives