Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tiered Recall
v1.2.0分层回忆系统 - 解决上下文长度限制,保持项目延续性。自动加载最近7天记忆,支持手动全量回忆或自定义天数。索引含10字内摘要,方便区分同名条目。
⭐ 0· 73·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name, README, SKILL.md and scripts consistently implement a local 'tiered recall' of MEMORY.md, per-day logs and project files. The scripts only require reading/writing workspace files (memory/, .tiered-recall/) which is proportionate to the described functionality. Minor note: the repository lists an install command in README but the package has no install spec; scripts appear intended to be run locally.
Instruction Scope
Most instructions limit actions to the workspace (MEMORY.md, memory/*.md, .tiered-recall/, project key files) which aligns with purpose. However scripts/check_index.py contains a hard-coded absolute path pointing at 'C:/Windows/System32/UsersAdministrator.openclawworkspace/.tiered-recall/index.json' — this deviates from the rest of the code's workspace-relative behavior and could attempt to read unexpected locations if run as-is. load.py supports --full/--deep modes which may load large amounts of local content into the agent context (privacy risk if sensitive files exist).
Install Mechanism
No install spec (instruction-only install) — lowest install risk. All provided code is local Python scripts; there are no network downloads, package installs, or archive extraction steps in the repo.
Credentials
The skill declares no required environment variables, credentials, or config paths. The scripts access only files under the workspace (memory/, .tiered-recall/) and project paths declared in config.json, which is appropriate for a local recall tool.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent system privileges. It writes index.json and projects.json under .tiered-recall (its own data directory) which is expected behavior.
What to consider before installing
This skill is mostly coherent: it builds an index of local notes and loads selected files into the agent to reconstruct context. Before installing or running it, review and consider the following: 1) check_index.py contains a hard-coded Windows System32 absolute path — remove or fix that file to avoid accidental reads of unexpected locations; 2) the loader can run in '--full' or '--deep' modes and will read many local files (including project key files and previews) into the agent context — do not run those modes on a workspace that contains secrets or private data; 3) although the code has no network calls or credential requests, any content loaded into the agent can be transmitted by the agent in conversation or via other skills, so consider running it in an isolated workspace or auditing MEMORY.md and memory/* before use; 4) if you want extra safety, run the scripts locally in a sandbox, remove or edit check_index.py, and optionally restrict projectPatterns/config.json so only intended project paths are discovered.Like a lobster shell, security has layers — review code before you run it.
latestvk976yb3mvzzpa3gmfn9vj7pzf983qswt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.