ClawHub

Clawng Term Memory

v1.2.0

Make your OpenClaw agent portable and persistent. Version-controls SOUL.md, MEMORY.md, and all core knowledge files using git with automatic GitHub push — so...

2· 518·0 current·0 all-time
by@davidharket
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and included scripts align: commit.sh commits core knowledge files to an agent/<hostname> branch and pushes to origin; merge.sh fetches agent branches and stages their MEMORY.md contents for synthesis. Tracked paths (SOUL.md, MEMORY.md, skills/, etc.) match the declared purpose of backing up agent core knowledge.
Instruction Scope
Instructions require running git commands and pushing internal data to a remote repo and recommend always auto-committing after any core-file change. This is consistent with the stated goal, but the workflow routinely transmits potentially sensitive content (IDENTITY.md, MEMORY.md, skills/) to a remote Git host and instructs automated daily synthesis — the SKILL.md does not instruct any filtering or redaction of secrets or PII prior to commit/push.
Install Mechanism
No install spec or external downloads; this is instruction-only with included shell scripts. No network downloads or archives executed by the skill itself.
Credentials
The skill declares no required env vars, which is reasonable: it relies on the user's existing git authentication (SSH keys or credential helper). However, it implicitly depends on git credentials being present and will use them to push potentially sensitive files to the configured remote. The skill does not request any unrelated credentials, but you should verify what will be committed (skills/, memory/) before enabling automatic pushes.
Persistence & Privilege
Does not request always:true or other elevated platform privileges. Scripts modify only the workspace repo and write staging output to /tmp; they do not change other skills' configurations or system-wide settings.
Assessment
This skill is internally coherent and implements what it promises, but it will routinely stage and push your agent's internal data (MEMORY.md, IDENTITY.md, SOUL.md, installed skills) to whatever Git remote you configure. Before installing: (1) ensure the GitHub repo is private and access is tightly controlled; (2) audit the files that will be tracked (especially skills/ and memory/) for secrets or PII and add sensitive paths to .gitignore or remove them from commits; (3) prefer SSH keys with least-privilege deploy keys rather than storing personal tokens in plaintext; (4) consider encrypting or redacting any sensitive content before commit, or add a pre-commit review step instead of fully automatic commits/pushes; (5) be cautious about the automatic daily synthesis model that aggregates memories across agents — it can increase exposure of private data. If you want, I can suggest a safe .gitignore template, a pre-commit hook to detect secrets, or a minimal workflow that stores only non-sensitive metadata in the remote repo.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dtpzqm61ysx85g4f9y17gyh81kc6t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments