Memory Scan

What This Skill Does

The Memory Scan skill by dgriffin831 is a robust security auditing tool designed for the OpenClaw agent ecosystem. It serves as a specialized defense mechanism, scanning critical memory and configuration files to detect unauthorized changes, malicious prompt injections, and potential security leaks. By parsing long-term memory (MEMORY.md), daily logs, and sensitive workspace configuration files like SOUL.md and GUARDRAILS.md, the skill actively identifies threats such as credential leakage, data exfiltration commands, and attempts to bypass established security protocols. It categorizes risks across a five-level severity scale, ensuring users can prioritize their remediation efforts effectively.

Installation

Installation is streamlined through the OpenClaw hub. Run the following command in your terminal to initialize the skill in your environment:

clawhub install openclaw/skills/skills/dgriffin831/memory-scan

Once installed, you can automate regular security audits by scheduling the scan script. Use bash skills/memory-scan/scripts/schedule-scan.sh to set up a daily cron job that alerts you via your configured OpenClaw notification channel whenever a medium-to-critical threat is identified.

Use Cases

This skill is ideal for power users and developers managing persistent agent identities. It is particularly useful for:

• Regular Security Audits: Automating a daily health check on agent logs to ensure no prompt injection has occurred during extended operation.
• Pre-Deployment Checks: Scanning workspace files for exposed API keys or tokens before committing agent configurations to version control.
• Incident Response: If your agent behaves erratically, running a manual scan can identify if a 'personality' change or unauthorized behavioral instruction has been injected into your memory files.
• Compliance: Ensuring that sensitive data exfiltration instructions have not been surreptitiously added to your local environment.

Example Prompts

1. "Perform a security audit on all my memory files right now and report any medium or higher threats."
2. "Scan my workspace configuration for any potential credential leaks or API keys saved in plain text."
3. "Run a quiet memory scan and update the alert status in my primary notification channel."

Tips & Limitations

• Performance: For very large datasets, the scan might take a few moments; use the --quiet flag if running frequently in the background to reduce console clutter.
• Privacy: While the tool supports --allow-remote for LLM-based analysis, be aware that this sends redacted content to an external provider. Use this only if you understand your data privacy requirements.
• Scope: Always ensure your memory/ folder is included in the default scan path; the script is optimized for the standard OpenClaw structure but may need manual adjustment if you have customized your directory layout significantly.