Agent memory system with memory graph, context profiles, checkpoint/recover, structured storage, semantic search, observational memory, task tracking, canvas...
Security Analysis
medium confidenceClawVault's claimed purpose (local agent memory, graph-aware context, and an opt-in OpenClaw hook) matches the files and runtime instructions; the bundle is coherent but requires careful review before installing the recommended third-party CLI packages and enabling the hook.
Name/description match behavior: the SKILL.md and handler.js implement a vault, graph/context retrieval, and an OpenClaw hook that reads/writes a vault and session transcripts. The environment variables referenced (CLAWVAULT_PATH, OPENCLAW_HOME / OPENCLAW_STATE_DIR, GEMINI_API_KEY) are relevant to the stated features.
Instructions and hook explicitly read OpenClaw session transcripts (~/.openclaw/agents or variants), parse session JSON/JSONL files, and may modify sessions via repair/checkpoint flows (SKILL.md says backups are created). The hook also triggers LLM compression via the CLI (optional GEMINI use). Reading/modifying session files is sensitive but consistent with the stated purpose; the SKILL.md is reasonably specific rather than giving broad 'gather context' permission.
There is no platform install spec in the registry, but SKILL.md recommends installing third-party CLIs via npm (clawvault, github:tobi/qmd). Installing global npm packages executes remote code and is a moderate-risk action; this is expected for a CLI-based skill but the user should verify package metadata (tarball, integrity, repository) before npm install. The bundle includes a hook file for local review before enabling.
No unrelated secrets are requested. Optional env vars are proportionate to function: vault path, OpenClaw state dir, and an optional LLM API key for observation/compression. The skill does not demand broad or unrelated credentials.
always=false (opt-in); hook must be installed/enabled to run. The hook writes/backs up OpenClaw session files and can run periodic tasks (cron.weekly). This level of access is necessary for repair/checkpoint behaviors, but it is a real privilege: enable only after code review and after confirming backups/restore behavior.
Guidance
The skill appears to do what it says, but it will read and modify OpenClaw session files and asks you to install third-party CLIs via npm. Before installing/enabling: 1) Review the included hook source (hooks/clawvault/handler.js) — the bundle contains it so you can inspect exactly what will run. 2) Verify the npm package origin/integrity (npm view dist.integrity and repository URL) before npm install -g. 3) Install the CLI and qmd only if you trust those packages; prefer installing locally in a sandbox if uncertain. 4) Use the SKILL.md's safe install flow: openclaw hooks install but do NOT enable until you confirm the hook code and that backups are created as claimed. 5) Only provide GEMINI_API_KEY if you want observe/compression features and understand that this enables network calls to the LLM provider. If you are uncomfortable with a hook that can modify ~/.openclaw/agents, do not enable it.
Latest Release
v2.5.13
Schema conformance pass: remove non-spec openclaw metadata keys, add source field, and keep only documented requirement/install/homepage fields for stable registry parsing.
More by @G9Pedro
Published by @G9Pedro on ClawHub
