Project Memory - Project Memory Management

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill generally matches its stated purpose (a local project-memory manager) but has multiple mismatches and a serious safety issue: it writes/deletes files under the user's home directory and does not sanitize project names, which could allow path-traversal deletion of arbitrary paths.

This skill appears to do what it claims (local project-based memory stored under ~/.openclaw/projects), but do not install or enable it without addressing the filesystem-safety issues.

Specific things to consider before installing:

- Path traversal / destructive operations: The included code uses project names directly in paths and performs recursive deletions and moves. A project name containing ../ or other special characters could cause the skill to operate on (and delete) files outside ~/.openclaw/projects. Treat this as high-risk for data loss.
- Undeclared env var: The code reads OPENCLAW_AGENT_ID to mark who created an entry; this env var is not declared in the skill metadata. It is not critical but should be documented or removed.
- Documentation vs implementation mismatch: SKILL.md mentions automatic backups and auto-save behaviors that are not implemented in handler.js; do not rely on backups being made.

Recommended actions to mitigate before using:

- Review and/or modify the code: validate/sanitize project names (reject path separators and control characters), normalize paths, verify that the resolved path starts with the intended PROJECTS_DIR, and do not allow names that could escape the base directory.
- Replace fs.rmSync calls with safer routines that verify the target path is inside PROJECTS_DIR before recursive deletion; require explicit user confirmation in the UI layer (not just a boolean flag passed programmatically).
- Implement (or remove) the advertised automatic backup behavior and update the documentation accordingly.
- Run the skill as a non-privileged user and make a manual backup of important data first. Consider running it inside a sandbox/container if you need to evaluate it.

Because of the destructive filesystem risk and the documentation mismatches, classify this skill as suspicious until the above issues are fixed.

Static analysis

Static analysis findings are pending for this release.

VirusTotal

No VirusTotal findings for this skill version.


Risk analysis

No visible risk-analysis findings were reported for this release.