OpenClaw Memory Resilience
v1.0.0Configure OpenClaw agent memory to survive compaction and session restarts. Use when: (1) setting up a new OpenClaw agent or workspace, (2) agents are forget...
⭐ 0· 349·2 current·3 all-time
by@ferosin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md clearly aims to configure global gateway compaction and workspace file patterns. However, it prescribes global operations (e.g., running `gateway config.patch`, changing gateway defaults) and use of CLI tools (e.g., `qmd update && qmd embed`) while the manifest lists no required binaries, tools, or permission requirements. That mismatch implies the skill expects admin privileges and specific tooling that are not declared.
Instruction Scope
Instructions tell agents to run global config changes, call internal endpoints (`session_status`) before every reply, and have a silent pre-compaction flush that auto-writes to files (memory/YYYY-MM-DD.md) using a system prompt. Those behaviors are within the stated goal but broaden scope: they cause automatic on-disk writes of conversational content (which might include secrets), rely on internal APIs/commands (`/context list`, `/compact`) and assume the runtime supports them. The silent 'NO_REPLY' flush specifically increases risk of accidental persistence of sensitive data.
Install Mechanism
Instruction-only skill with no install spec or external downloads — lowest install risk. There is no code to execute from third-party URLs.
Credentials
The manifest requests no credentials, which is consistent, but the guidance explicitly advises placing credentials/infrastructure maps in bootstrap files (TOOLS.md, MEMORY.md). Recommending storing credentials in workspace files increases risk of local secret exposure. Also, the skill implicitly requires administrative access to gateway configuration and QMD tooling even though it doesn't declare needing such privileges.
Persistence & Privilege
The skill does not request 'always: true' and allows model invocation (normal defaults). It instructs global config changes and persistent file patterns which means it will change agent behavior persistently across sessions, but that is consistent with its purpose — just requires appropriate privileges and care.
What to consider before installing
This skill is coherent with its stated purpose, but it assumes admin-level gateway access and CLI tools (gateway, qmd) that are not declared and it promotes writing session content — including potentially sensitive items — to disk automatically. Before using it: (1) test in a non-production/staging workspace; (2) ensure you (or the installer) have the required gateway admin rights and the qmd/gateway tooling available; (3) audit bootstrap files (TOOLS.md, MEMORY.md) and avoid storing plaintext credentials — use a secrets manager or restrict the files' access; (4) review and limit the pre-compaction 'memoryFlush' prompt so it won't cause accidental writes of tokens, passwords, or API responses; (5) prefer applying compaction changes per-workspace if you don't want global effects; (6) back up current gateway config before patching. If you need, provide the runtime details (who manages gateway, whether qmd exists, and where agent files live) and I can point out the exact commands/permissions you should expect.Like a lobster shell, security has layers — review code before you run it.
compactionvk97e0nn4mcdf4f729x4a7t0m6h82ew5gcontextvk97e0nn4mcdf4f729x4a7t0m6h82ew5glatestvk97e0nn4mcdf4f729x4a7t0m6h82ew5gmemoryvk97e0nn4mcdf4f729x4a7t0m6h82ew5gopenclawvk97e0nn4mcdf4f729x4a7t0m6h82ew5g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.