Memory Scan

# memory-scan

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "Memory Scan" with this command: npx skills add dgriffin831/memory-scan

memory-scan

Security scanner for OpenClaw agent memory files

Scans MEMORY.md, daily logs (memory/*.md), and workspace configuration files for malicious content, prompt injection, credential leakage, and dangerous instructions that could compromise user security.

Purpose

Detect security threats embedded in agent memory:

  • Malicious instructions to bypass guardrails
  • Prompt injection patterns in stored memories
  • Credential/secret leakage
  • Data exfiltration commands
  • Behavioral manipulation
  • Security policy violations

Usage

On-Demand Scan

Scan all memory files:

python3 skills/memory-scan/scripts/memory-scan.py

Allow remote LLM analysis (redacted content only):

python3 skills/memory-scan/scripts/memory-scan.py --allow-remote

Scan specific file:

python3 skills/memory-scan/scripts/memory-scan.py --file memory/2026-02-01.md

Quiet mode (for automation):

python3 skills/memory-scan/scripts/memory-scan.py --quiet

JSON output:

python3 skills/memory-scan/scripts/memory-scan.py --json

Scheduled Monitoring

Cron Job (Daily Security Audit)

Already included in safe-install daily audit - runs 2pm PT daily.

To add standalone cron:

bash skills/memory-scan/scripts/schedule-scan.sh

Requires:

  • OPENCLAW_ALERT_CHANNEL (configured in OpenClaw)
  • OPENCLAW_ALERT_TO (optional, for channels that require a recipient)

Creates cron job: daily at 3pm PT, sends alert only if threats found.

Heartbeat Integration

Add to HEARTBEAT.md:

## Weekly Memory Scan

Every Sunday, run memory scan:
python3 skills/memory-scan/scripts/memory-scan.py --quiet

Security Levels

  • SAFE - No threats detected
  • LOW - Minor concerns, proceed with awareness
  • MEDIUM - Potential threat, review recommended
  • HIGH - Likely threat, immediate review required
  • CRITICAL - Active threat detected, quarantine recommended

What It Scans

  1. MEMORY.md - Long-term memory
  2. memory/*.md - Daily logs (last 30 days by default)
  3. Workspace config files:
    • AGENTS.md, SOUL.md, USER.md, TOOLS.md
    • HEARTBEAT.md, GUARDRAILS.md, IDENTITY.md
    • BOOTSTRAP.md (if exists)
    • STOCKS_MEMORIES.md (if exists)

Detection Categories

  1. Malicious Instructions - Commands to harm user/data
  2. Prompt Injection - Embedded manipulation patterns
  3. Credential Leakage - API keys, passwords, tokens
  4. Data Exfiltration - Instructions to leak data
  5. Guardrail Bypass - Attempts to override security
  6. Behavioral Manipulation - Unauthorized personality changes
  7. Privilege Escalation - Attempts to gain unauthorized access

Alert Workflow

On MEDIUM/HIGH/CRITICAL detection:

  1. Stop processing
  2. Send alert via configured OpenClaw channel with:
    • Severity level
    • File location (file:line)
    • Threat description
    • Recommended action
  3. Optional: Quarantine threat (backup + redact)

LLM Provider

Auto-detects provider from OpenClaw config:

  • Prefers OpenAI (gpt-4o-mini) if OPENAI_API_KEY set
  • Falls back to Anthropic (claude-sonnet-4-5) if available
  • Uses gateway model config

Remote LLM scanning is disabled by default. Use --allow-remote to enable redacted LLM analysis.

Quarantine

To quarantine a detected threat:

python3 skills/memory-scan/scripts/quarantine.py memory/2026-02-01.md 42

Creates:

  • Backup: .memory-scan/quarantine/memory_2026-02-01_line42.backup
  • Redacts line 42 with: [QUARANTINED BY MEMORY-SCAN: <timestamp>]

Files

  • scripts/memory-scan.py - Main scanner (local patterns + optional LLM with --allow-remote)
  • scripts/schedule-scan.sh - Create cron job for daily scans
  • scripts/quarantine.py - Quarantine detected threats
  • docs/detection-prompt.md - LLM detection prompt template

Integration with Other Skills

  • safe-install: Daily audit already includes memory-scan
  • input-guard: Complementary (input-guard = external, memory-scan = internal)
  • molthreats: Can report memory-based threats to community feed

Example

$ python3 skills/memory-scan/scripts/memory-scan.py

🧠 Memory Security Scan
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Scanning memory files...

✓ MEMORY.md - SAFE
✓ memory/2026-02-01.md - SAFE
⚠ memory/2026-01-30.md - MEDIUM (line 42)
  → Potential credential leakage: API key pattern detected

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Overall: MEDIUM
Action: Review memory/2026-01-30.md:42

Agent Workflow

When user requests memory scan:

  1. Run: python3 skills/memory-scan/scripts/memory-scan.py
  2. If MEDIUM+: Send alert immediately via configured channel
  3. Summarize findings
  4. Ask if user wants to quarantine threats

Notes

  • Scans last 30 days of daily logs by default (configurable with --days)
  • Uses same LLM approach as input-guard for consistency
  • Does NOT auto-quarantine - always asks first
  • Safe to run frequently (minimal API cost with efficient chunking)

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Agent Causal

Helps decide to ship, continue, or roll back changes from A/B test and DiD data by providing statistical analysis, decisions, and audit trails.

Registry SourceRecently Updated
900zhumorris
Security

Code Review Inspector

Automated code review checking for bugs, security issues, best practices, performance problems, and code style

Registry SourceRecently Updated
250Profile unavailable
Security

Docker Optimizer

Optimize Dockerfiles with multi-stage builds, layer caching, security best practices, and size reduction techniques

Registry SourceRecently Updated
260Profile unavailable
Security

Skill Auditor

Audit core: a classification taxonomy and a severity scoring function, kept orthogonal. Operates on the whole skill bundle (SKILL.md plus any referenced scri...

Registry SourceRecently Updated
1250Profile unavailable