Scan Report
0 /100
openclaw-memory
Lightweight file-based memory system for single-user AI agents. No databases, no APIs — just markdown files with tiered loading, grep tagging, and automatic archival.
Clean file-based memory system with straightforward shell scripts performing only documented file operations. No network access, credential harvesting, obfuscation, or hidden functionality detected.
Safe to install
No action required. This is a legitimate file-based memory management skill.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ,WRITE | READ,WRITE | ✓ Aligned | SKILL.md declares tiered file loading; scripts implement file reads/writes |
| Shell | WRITE | WRITE | ✓ Aligned | Scripts/atomic-write.sh, scripts/archive-old-episodic.sh, scripts/health-check.s… |
| Network | NONE | NONE | — | No network calls in any script |
| Environment | NONE | NONE | — | Scripts use only hardcoded paths; no env iteration |
| credential | NONE | NONE | — | No credential access, SKILL.md explicitly prohibits credentials in episodic note… |
File Tree
5 files · 13.5 KB · 399 lines Markdown 2f · 267L
Shell 3f · 132L
├─
▾
references
│ └─
design-rationale.md
Markdown
├─
▾
scripts
│ ├─
archive-old-episodic.sh
Shell
│ ├─
atomic-write.sh
Shell
│ └─
health-check.sh
Shell
└─
SKILL.md
Markdown
Security Positives
✓ SKILL.md explicitly prohibits credentials in episodic notes (Safety Rules)
✓ Scripts use safe patterns: atomic writes (tmp→sync→mv), date-based archival, invariant checks
✓ No network access in any script — purely local file operations
✓ No obfuscation, base64 encoding, or eval patterns
✓ No credential harvesting or environment variable enumeration
✓ Hardcoded paths in scripts are consistent with the documented memory directory structure
✓ Simple, auditable bash scripts with no external dependencies