# Send Memory Scan to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "memory-scan",
    "name": "Memory Scan",
    "source": "tencent",
    "type": "skill",
    "category": "效率提升",
    "sourceUrl": "https://clawhub.ai/dgriffin831/memory-scan",
    "canonicalUrl": "https://clawhub.ai/dgriffin831/memory-scan",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/memory-scan",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=memory-scan",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "CHANGELOG.md",
      "TESTING.md",
      "README.md",
      "SKILL.md",
      "scripts/schedule-scan.sh",
      "scripts/setup-venv.sh"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "memory-scan",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T09:12:23.599Z",
      "expiresAt": "2026-05-07T09:12:23.599Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=memory-scan",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=memory-scan",
        "contentDisposition": "attachment; filename=\"memory-scan-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "memory-scan"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/memory-scan"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/memory-scan",
    "downloadUrl": "https://openagent3.xyz/downloads/memory-scan",
    "agentUrl": "https://openagent3.xyz/skills/memory-scan/agent",
    "manifestUrl": "https://openagent3.xyz/skills/memory-scan/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/memory-scan/agent.md"
  }
}
```
## Documentation

### memory-scan

Security scanner for OpenClaw agent memory files

Scans MEMORY.md, daily logs (memory/*.md), and workspace configuration files for malicious content, prompt injection, credential leakage, and dangerous instructions that could compromise user security.

### Purpose

Detect security threats embedded in agent memory:

Malicious instructions to bypass guardrails
Prompt injection patterns in stored memories
Credential/secret leakage
Data exfiltration commands
Behavioral manipulation
Security policy violations

### On-Demand Scan

Scan all memory files:

python3 skills/memory-scan/scripts/memory-scan.py

Allow remote LLM analysis (redacted content only):

python3 skills/memory-scan/scripts/memory-scan.py --allow-remote

Scan specific file:

python3 skills/memory-scan/scripts/memory-scan.py --file memory/2026-02-01.md

Quiet mode (for automation):

python3 skills/memory-scan/scripts/memory-scan.py --quiet

JSON output:

python3 skills/memory-scan/scripts/memory-scan.py --json

### Scheduled Monitoring

Cron Job (Daily Security Audit)

Already included in safe-install daily audit - runs 2pm PT daily.

To add standalone cron:

bash skills/memory-scan/scripts/schedule-scan.sh

Requires:

OPENCLAW_ALERT_CHANNEL (configured in OpenClaw)
OPENCLAW_ALERT_TO (optional, for channels that require a recipient)

Creates cron job: daily at 3pm PT, sends alert only if threats found.

Heartbeat Integration

Add to HEARTBEAT.md:

## Weekly Memory Scan

Every Sunday, run memory scan:
python3 skills/memory-scan/scripts/memory-scan.py --quiet

### Security Levels

SAFE - No threats detected
LOW - Minor concerns, proceed with awareness
MEDIUM - Potential threat, review recommended
HIGH - Likely threat, immediate review required
CRITICAL - Active threat detected, quarantine recommended

### What It Scans

MEMORY.md - Long-term memory
memory/*.md - Daily logs (last 30 days by default)
Workspace config files:

AGENTS.md, SOUL.md, USER.md, TOOLS.md
HEARTBEAT.md, GUARDRAILS.md, IDENTITY.md
BOOTSTRAP.md (if exists)
STOCKS_MEMORIES.md (if exists)

### Detection Categories

Malicious Instructions - Commands to harm user/data
Prompt Injection - Embedded manipulation patterns
Credential Leakage - API keys, passwords, tokens
Data Exfiltration - Instructions to leak data
Guardrail Bypass - Attempts to override security
Behavioral Manipulation - Unauthorized personality changes
Privilege Escalation - Attempts to gain unauthorized access

### Alert Workflow

On MEDIUM/HIGH/CRITICAL detection:

Stop processing
Send alert via configured OpenClaw channel with:

Severity level
File location (file:line)
Threat description
Recommended action


Optional: Quarantine threat (backup + redact)

### LLM Provider

Auto-detects provider from OpenClaw config:

Prefers OpenAI (gpt-4o-mini) if OPENAI_API_KEY set
Falls back to Anthropic (claude-sonnet-4-5) if available
Uses gateway model config

Remote LLM scanning is disabled by default. Use --allow-remote to enable
redacted LLM analysis.

### Quarantine

To quarantine a detected threat:

python3 skills/memory-scan/scripts/quarantine.py memory/2026-02-01.md 42

Creates:

Backup: .memory-scan/quarantine/memory_2026-02-01_line42.backup
Redacts line 42 with: [QUARANTINED BY MEMORY-SCAN: <timestamp>]

### Files

scripts/memory-scan.py - Main scanner (local patterns + optional LLM with --allow-remote)
scripts/schedule-scan.sh - Create cron job for daily scans
scripts/quarantine.py - Quarantine detected threats
docs/detection-prompt.md - LLM detection prompt template

### Integration with Other Skills

safe-install: Daily audit already includes memory-scan
input-guard: Complementary (input-guard = external, memory-scan = internal)
molthreats: Can report memory-based threats to community feed

### Example

$ python3 skills/memory-scan/scripts/memory-scan.py

🧠 Memory Security Scan
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Scanning memory files...

✓ MEMORY.md - SAFE
✓ memory/2026-02-01.md - SAFE
⚠ memory/2026-01-30.md - MEDIUM (line 42)
  → Potential credential leakage: API key pattern detected

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Overall: MEDIUM
Action: Review memory/2026-01-30.md:42

### Agent Workflow

When user requests memory scan:

Run: python3 skills/memory-scan/scripts/memory-scan.py
If MEDIUM+: Send alert immediately via configured channel
Summarize findings
Ask if user wants to quarantine threats

### Notes

Scans last 30 days of daily logs by default (configurable with --days)
Uses same LLM approach as input-guard for consistency
Does NOT auto-quarantine - always asks first
Safe to run frequently (minimal API cost with efficient chunking)
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: dgriffin831
- Version: 1.0.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-30T09:12:23.599Z
- Expires at: 2026-05-07T09:12:23.599Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/memory-scan)
- [Send to Agent page](https://openagent3.xyz/skills/memory-scan/agent)
- [JSON manifest](https://openagent3.xyz/skills/memory-scan/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/memory-scan/agent.md)
- [Download page](https://openagent3.xyz/downloads/memory-scan)