Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

memory-system

v1.0.0

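OpenClaw long-term memory management system. Provides structured memory, vector memory, and semantic search. Use when: the user needs the AI to remember long-term context, preferences, or decisions, or needs semantic search over stored memories.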

Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (structured + vector memory with Postgres/pgvector and local embeddings) is coherent with the code. However the skill listing declared no required binaries or env vars, while the scripts assume psql, curl, and a local embedding service on localhost:11434 and use a hardcoded DB user 'damien' and ports 5432/5433. The lack of declared requirements/configuration is a mismatch and reduces transparency.
Instruction Scope
Instructions and scripts explicitly read local files under ~/.openclaw/workspace/memory and insert/archive them into local Postgres — this is within the stated purpose. The vector search posts queries to a hardcoded local embedding API (http://localhost:11434/api/embeddings). There is no evidence of external network exfiltration beyond the local embedding call, but if that local service proxies externally it could leak content.
Install Mechanism
No install spec (instruction + small scripts) — lowest-risk install mechanism. Nothing is downloaded or extracted by the skill itself.
Credentials
No required env vars or credentials were declared in metadata, yet the code hardcodes database access (user 'damien', ports 5432/5433) and assumes presence of psql and curl. This is disproportionate: either required env/binaries should be declared or credentials/parameters should be configurable (env vars or config file). Hardcoded credentials reduce safety and transparency.
Persistence & Privilege
always:false and the skill does not request system-wide persistence or modify other skills. It runs local file I/O and subprocesses but does not request elevated or persistent platform privileges.
What to consider before installing
This skill mostly does what it says (archives local markdown memories into Postgres and performs vector/semantic search), but there are several red flags you should address before installing or running it on sensitive data:

  • The scripts assume psql and curl are available and a local embedding service at http://localhost:11434; those requirements are not declared. Ensure you understand and control those services.
  • The code hardcodes the DB username ('damien') and ports; it lacks environment-variable configuration. Prefer changing the scripts to accept DB credentials via secure env vars or a config file before use.
  • The archiver reads ~/.openclaw/workspace/memory and will import file contents into a database. Only run it if you trust the source and the destination DB. If the local embedding service proxies requests externally, your data could be sent outside your machine.
  • The import uses naive string interpolation to build SQL passed to psql; this is brittle and could lead to SQL quoting issues or injection-like problems for unusual content. Use parameterized inserts or a DB client library instead.

If the author can (a) declare required binaries/env vars, (b) make DB and embedding endpoints configurable through env vars, and (c) fix SQL parameterization, the skill would be much safer. Until then, run it in a controlled/non-sensitive environment and review/modify the scripts yourself.
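
One way to act on the hardcoded-user and SQL-interpolation findings while still calling psql, as an added example that is not the skill's own code: connection settings come from the standard libpq environment variables, and values reach the statement only as psql variables expanded with `:'name'`. The function names, the category allow-list check and the `memory_app` user in the usage note are assumptions made for illustration.

```python
import os
import subprocess

# The SQL text is a constant. Values are supplied as psql variables and
# expanded by :'name', which psql emits as a correctly quoted SQL literal.
INSERT_SQL = (
    "INSERT INTO memory_structured (category, title, content) "
    "VALUES (:'category', :'title', :'content');\n"
)
# Categories listed in the memory_structured schema comment.
ALLOWED_CATEGORIES = {"goals", "decisions", "status", "preferences", "reference"}


def connection_args(env=None):
    """Build psql connection flags from libpq-style environment variables."""
    env = os.environ if env is None else env
    user = env.get("PGUSER")
    if not user:
        raise ValueError("PGUSER must be set; no user name is hardcoded")
    port = env.get("PGPORT", "5432")
    if not port.isdigit():
        raise ValueError(f"PGPORT is not a number: {port!r}")
    return ["-h", env.get("PGHOST", "localhost"), "-p", port,
            "-U", user, "-d", env.get("PGDATABASE", "postgres")]


def build_insert(category, title, content, env=None):
    """Return (argv, stdin_sql) for a psql call that inserts one memory row."""
    if category not in ALLOWED_CATEGORIES:
        raise ValueError(f"unknown category: {category!r}")
    # -X skips ~/.psqlrc; ON_ERROR_STOP makes psql exit non-zero on SQL errors.
    argv = ["psql", "-X", "-v", "ON_ERROR_STOP=1", *connection_args(env)]
    for name, value in (("category", category), ("title", title), ("content", content)):
        if "\x00" in value:
            raise ValueError(f"{name} contains a NUL byte")
        argv += ["-v", f"{name}={value}"]
    return argv, INSERT_SQL


def add_memory(category, title, content, env=None):
    """Run the insert. argv is a list, so no shell ever parses the values."""
    argv, sql = build_insert(category, title, content, env)
    # SQL goes on stdin: psql does not expand variables in -c command strings.
    subprocess.run(argv, input=sql, text=True, check=True)
```

With `PGUSER=memory_app` and `PGPORT=5433` exported (constructed values), `add_memory("goals", "title", "it's a note")` stores the apostrophe as data rather than ending the string literal.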

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧠 Clawdis
latest vk97cfkmewanbsr3ak0yz1arvr182gr0y
298 downloads
0 stars
1 version
Updated 12h ago
v1.0.0
MIT-0

Memory System Skill

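OpenClaw long-term memory management system

Features

1. Structured memory (PostgreSQL)

  • Goals
  • Decisions
  • Status
  • Preferences
  • Reference

2. Vector memory (pgvector)

  • Semantic search support
  • Chinese embedding (bge-large-zh)
  • Similarity matching

3. Automatic archiving

  • Local files are kept for 7 days
  • Automatic import into PostgreSQL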

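Databases

| Database     | Port | Purpose           |
|--------------|------|-------------------|
| Postgres.app | 5432 | Structured memory |
| Homebrew PG  | 5433 | Vector search     |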

Connecting

# Structured memory
psql -h localhost -p 5432 -U damien -d postgres

# Vector memory
psql -h localhost -p 5433 -U damien -d postgres

Table schema

memory_structured (structured)

CREATE TABLE memory_structured (
    id SERIAL PRIMARY KEY,
    category VARCHAR(50),  -- goals, decisions, status, preferences, reference
    title VARCHAR(200),
    content TEXT,
    created_at TIMESTAMPTZ DEFAULT NOW(),
    updated_at TIMESTAMPTZ DEFAULT NOW()
);

longterm_memory (vector)

CREATE TABLE longterm_memory (
    id SERIAL PRIMARY KEY,
    content TEXT NOT NULL,
    embedding vector(1024),
    source VARCHAR(100),
    tags TEXT[],
    created_at TIMESTAMPTZ DEFAULT NOW()
);

CREATE INDEX ON longterm_memory USING hnsw (embedding vector_cosine_ops);

Scripts

  • scripts/memory_manager.py - archiving script (runs automatically every week)
  • scripts/memory_search.py - vector search tool

Usage

Reading memory

# Read goals
psql -h localhost -p 5432 -U damien -d postgres -c "SELECT * FROM memory_structured WHERE category='goals';"

# Semantic search
python scripts/memory_search.py "我之前说过我喜欢什么编程语言"

Updating memory

python scripts/memory_manager.py --add "goals" "新目标" "内容"

Four memory methods

Configured following the video tutorial:

  1. Structured folder - Markdown files (~/.openclaw/workspace/memory/)
  2. Memory Search - bge-large-zh embedding
  3. MEM0 plugin - not yet configured
  4. SQLite/PostgreSQL - configured

Updated: 2026-03-08
