Is memory-setup safe?

https://clawhub.ai/jrbobbyhansen-pixel/memory-setup

85
SAFE

This is a documentation-only skill that provides configuration instructions for setting up persistent memory in Moltbot/Clawdbot agents. It contains no executable code, no external network calls, and no data exfiltration patterns. Minor concerns include behavioral directives that modify agent behavior and session indexing that increases data exposure, but these are transparent and within the skill's stated purpose.

Category Scores

Prompt Injection 82/100 · 30%
Data Exfiltration 78/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (7)

LOW Agent behavioral directive in AGENTS.md -8

The skill instructs the user to add a behavioral directive to AGENTS.md that tells the agent to always run memory_search before answering certain questions. While this is transparent and within scope, it modifies agent behavior in a way that persists beyond the skill's direct invocation.

LOW Config modification of home directory files -10

Skill instructs modifications to ~/.clawdbot/clawdbot.json, which is a system-level agent configuration file. While this is the expected way to enable memory features, it changes persistent agent behavior.

LOW API key environment variable exposure -12

Skill recommends setting VOYAGE_API_KEY or OPENAI_API_KEY as environment variables. These keys become accessible to any process in the agent's runtime, not just the memory search feature.

LOW Session transcript indexing increases data exposure -10

Configuring 'sessions' as an indexing source means past conversation transcripts — which may contain sensitive information shared by the user — become searchable and retrievable by the agent in future sessions.

INFO Gateway runtime reads sensitive files during install -15

The OpenClaw gateway process reads .env, .aws/credentials, and auth-profiles.json during the skill installation lifecycle. This is attributable to the gateway startup, not the skill itself, but occurs in the skill's install context.

INFO No executable code present -5

The skill contains only markdown documentation. No scripts, hooks, submodules, or symlinks were found. This is the ideal security posture for a configuration guide skill.

INFO Privacy consideration with persistent memory -20

By design, this skill creates persistent searchable memory across sessions. Users should be aware that anything discussed becomes part of the agent's long-term memory, including potentially sensitive topics. This is a feature, not a vulnerability, but warrants user awareness.