Convert Memory Files Between Systems
PassAudited by VirusTotal on May 3, 2026.
Overview
Type: OpenClaw Skill Name: convert-memory-files-between-systems Version: 1.0.0 The skill bundle is designed to migrate memory data between two OpenClaw plugins by converting markdown files and updating a SQLite database. While it contains hardcoded absolute paths for a specific user ('hahaha1234') in 'scripts/import_markdown_to_memos.py' and 'SKILL.md', which is a functional flaw for general use, the code logic is limited to local file manipulation and database insertion consistent with its stated purpose. There are no indicators of data exfiltration, unauthorized network access, or malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running this as-is could alter or duplicate persistent memory records and may affect how the agent behaves in later sessions.
The helper directly writes every matching markdown memory file from a hard-coded local directory into a persistent SQLite memory database, with no backup, dry run, duplicate handling, or user-selected path controls.
conn = sqlite3.connect('/home/hahaha1234/.openclaw/memos-local/memos.db') ... for filename in os.listdir(memory_dir) ... INSERT INTO chunksRequire explicit user confirmation, parameterize the source and database paths, create a backup first, and add dry-run plus deduplication checks before writing to the database.
A mistaken run could disable or break a memory plugin configuration and change the agent's runtime behavior.
The helper persistently changes OpenClaw plugin configuration by removing a plugin from entries, load paths, and allow lists, but it does not create a backup or provide rollback safeguards.
del config['plugins']['entries']['memory-lancedb-pro'] ... config['plugins']['allow'].remove('memory-lancedb-pro') ... json.dump(config, file, indent=2)Back up the configuration file, validate the config structure, show the planned diff to the user, and only save after explicit approval.
Old or untrusted memory text, including instruction-like content, could be reused by the agent in future tasks and influence later responses.
Raw markdown memory content is inserted into the memos-local persistent memory table without review, filtering, or trust-boundary handling.
content = file.read() ... INSERT INTO chunks ... VALUES (?, ?, ?, ?, ?, ?, ?)
Review and filter imported memories before insertion, avoid importing instruction-like or untrusted content blindly, and provide a way to audit and remove imported records.
The mismatch can confuse users or reviewers about which script should be run for a configuration-changing operation.
The documentation references a delete_memory_lancedb_pro_config.py companion script, but the provided manifest contains remove_memory_lancedb_pro.py instead.
scripts/delete_memory_lancedb_pro_config.py — 删除配置文件中 memory-lancedb-pro 相关内容的 Python 脚本 ... scripts/remove_memory_lancedb_pro.py — automation script
Make the companion script names consistent and ensure the documented file is exactly the one included and reviewed.