← Back to Skills Marketplace
84
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install memory-auditor
Description
Audits an agent's claims against stored memory to detect fabricated or drifted details and assess memory consistency with token-level analysis.
Usage Guidance
Before installing or invoking: (1) Confirm whether you expect the audit to run locally or to be sent to an external hosted service — SKILL.md claims local analysis but documents a remote endpoint and includes worker code. (2) Do not send sensitive or private memory contents to this endpoint unless you trust the operator and their Terms/Privacy, because the skill requires POSTing full 'current_behavior' and 'stored_memory' and demands a payment header. (3) Ask the author/source for clarification about the hard-coded EXA_API_KEY in wrangler.toml and worker.js; request removal of embedded keys or an explanation of their purpose. (4) Verify the service domain (memory-auditor.cvapi.workers.dev) and who controls it; prefer an implementation that truly runs locally if privacy is a concern. (5) If you still want to use it, request a version that performs the analysis locally (no external network calls) or review hosting/ownership/legal terms and ensure the payment mechanism cannot be abused.
Capability Analysis
Type: OpenClaw Skill
Name: memory-auditor
Version: 1.0.0
The skill bundle implements a memory auditing service as described, but it contains a hardcoded API key (EXA_API_KEY: d6aa75ee-d815-4a48-8262-ac16131e9323) in both worker.js and wrangler.toml. While the code performs local token analysis and does not currently exfiltrate data, the inclusion of hardcoded credentials is a significant security vulnerability and poor practice.
Capability Tags
Capability Assessment
Purpose & Capability
The description and SKILL.md claim the service performs local token analysis and requires no credentials, but the package includes a Cloudflare Worker implementation and documents a remote endpoint (https://memory-auditor.cvapi.workers.dev/audit). The presence of worker.js and wrangler.toml implies a hosted service rather than a purely local tool — a mismatch between advertised 'local analysis' and a published remote API.
Instruction Scope
SKILL.md instructs callers to POST full 'current_behavior' and 'stored_memory' to an external URL and to include an x402-payment header or ?payment=1. That means user/agent data will be transmitted off-host unless the user's platform replaces the call with local logic — contradicting the SKILL.md line 'No external API calls — runs entirely on local analysis.' There are no instructions that reference unrelated system files or env vars, but the external transmission and payment requirement broaden the operational scope.
Install Mechanism
There is no install spec (instruction-only from the registry perspective), which is low-risk. However the package actually contains worker.js and wrangler.toml for a Cloudflare Worker (code that would run remotely). No downloads or third-party install URLs are present in the package itself.
Credentials
The registry metadata lists no required environment variables, but wrangler.toml sets a [vars] EXA_API_KEY and worker.js falls back to a hard-coded GUID (env.EXA_API_KEY || 'd6aa75ee-...'). A secret/API key is present in the repo, though the key is not used anywhere in the code. This hard-coded credential is unexpected and disproportionate to the stated purpose and may indicate sloppy key handling or leftover secrets.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not ask for system-wide config paths or privileged access. It only exposes an HTTP API contract and a payment header requirement.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install memory-auditor - After installation, invoke the skill by name or use
/memory-auditor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release - sh.20/audit
Metadata
Frequently Asked Questions
What is Memory-Auditor?
Audits an agent's claims against stored memory to detect fabricated or drifted details and assess memory consistency with token-level analysis. It is an AI Agent Skill for Claude Code / OpenClaw, with 84 downloads so far.
How do I install Memory-Auditor?
Run "/install memory-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Memory-Auditor free?
Yes, Memory-Auditor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Memory-Auditor support?
Memory-Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Memory-Auditor?
It is built and maintained by crftsmnd (@crftsmnd); the current version is v1.0.0.
More Skills