ClawHub

Metaclaw

v1.0.0

Generischer Skill für Memory-Management, Hybrid Retrieval und Skill Evolution mit PluginEval Integration

1· 79·0 current·0 all-time
by@donmeusi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (MetaClaw: memory management, hybrid retrieval, PluginEval) align with the included scripts: memory vector search, memory extraction, session counter, digest/consolidation, and a skill-evaluator. Declared requirements (none) are plausible because defaults exist, and the SKILL.md explicitly instructs creating a venv and installing lancedb and sentence-transformers.
Instruction Scope
Runtime instructions and scripts operate on the user's OpenClaw workspace (MEMORY.md, memory/*.md, SESSION-STATE.md, .session-count) and can read/parse those files — this matches the stated purpose. The memory-extract script may call local commands (e.g., lcm_describe) and sends prompts to a local Ollama API (http://localhost:11434) for LLM-based extraction. The skill-eval tool can modify files when run with --allow-write. These behaviors are expected for the described functionality but warrant review because they read/write local files and may invoke external tools on the host.
Install Mechanism
No formal install spec in registry (instruction-only), but SKILL.md/README instruct creating a Python venv and pip installing lancedb and sentence-transformers. That is proportionate to the code which imports those packages. Be aware sentence-transformers/models may download model weights on first run (network activity).
Credentials
The skill does not declare required env vars but the code honors WORKSPACE (defaulting to ~/.openclaw/workspace), OLLAMA_MODEL (optional, default provided), and OLLAMA_TIMEOUT. These are reasonable for a local extraction pipeline. No cloud/AWS/third-party API credentials are requested. A caveat: skill-eval's --allow-write gives the script permission to modify files you point it at; exercise caution before allowing writes.
Persistence & Privilege
Flags show no forced persistence (always:false) and model invocation is permitted (default). The skill writes only within the workspace and skill directories by default (e.g., session-count, backups, .last-digest). The ability to modify files is gated behind explicit CLI flags (--allow-write) which is appropriate; still, cron instructions and Heartbeat integration can make it run periodically if the user configures them.
Assessment
This skill appears coherent with its stated purpose, but review and take these precautions before installing or enabling automatic runs: - Inspect and run in an isolated environment (use the advised .venv-metaclaw) so Python packages and model downloads are separated from your system. - The scripts read and write files under your workspace (MEMORY.md, memory/*.md, SESSION-STATE.md, .session-count). Back up important data before running consolidation/auto-fix steps. - memory-extract sends content to a local Ollama endpoint (http://localhost:11434). Confirm you run a trusted local LLM; do not point OLLAMA_HOST (if you modify code) to an untrusted remote service or put sensitive data into prompts sent to external hosts. - skill-eval's auto-fix can modify files when invoked with --allow-write; run first with read-only flags (--layer1, --auto-fix without --allow-write) to preview changes. Keep backups and review diffs before applying fixes. - There are minor path/name inconsistencies in docs vs. scripts (e.g., references to memory-digest-enhanced.sh vs memory-digest.sh and varying script paths). Verify the correct paths before installing crontab or heartbeat hooks. If you want higher confidence, provide answers or artifacts for these points and I can re-evaluate with higher confidence: - Do you plan to run a local Ollama or other LLM? If not, which extraction fallback do you intend to use? - Will you allow CLI '--allow-write' or cron/heartbeat integration (automated writes)? - Do you want me to scan specific files in your workspace to see what this skill would read/process?

Like a lobster shell, security has layers — review code before you run it.

automationvk9721bqsy9qx06f1vkce3gnzas841npshybridvk9721bqsy9qx06f1vkce3gnzas841npslatestvk9721bqsy9qx06f1vkce3gnzas841npsmemoryvk9721bqsy9qx06f1vkce3gnzas841npsretrievalvk9721bqsy9qx06f1vkce3gnzas841nps

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments