Three Tier Memory
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: three-tier-memory Version: 2.0.0 The skill is classified as suspicious due to `scripts/memory_manager.py` directly accessing `Path.home() / '.openclaw' / 'openclaw.json'` to retrieve an API key. While the key is used for its stated purpose (calling the Zhipu AI API for summarization), this method bypasses secure credential management and allows the skill to read sensitive configuration data from outside its designated workspace, posing a significant information disclosure vulnerability. There is no clear evidence of intentional malicious exfiltration of this key to an unauthorized third party, but the capability to access it is a notable risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may use the user's existing Zhipu/BigModel account key for summaries, which could expose data to that provider and consume account quota or billing.
The script reads a locally stored OpenClaw provider API key even though the registry metadata declares no primary credential or required environment variable.
config_path = Path.home() / '.openclaw' / 'openclaw.json' ... zhipu_cfg = providers.get('zhipu', {}) ... api_key = zhipu_cfg['apiKey']Declare the credential requirement explicitly, ask before using a global provider key, and provide a clear local-only or no-LLM mode.
Private conversation content, preferences, or personal facts stored in memory may be transmitted to BigModel/Zhipu during summarization.
Conversation-derived text is packaged into a prompt and sent to an external LLM provider using the local API key.
conversation_text = "\n".join([...]); api_url = "https://open.bigmodel.cn/api/paas/v4/chat/completions"; "Authorization": f"Bearer {api_key}"Make external transmission explicit before each automatic summary, allow redaction and provider selection, and document exactly what conversation content is sent.
Sensitive or incorrect conversation details can become persistent memory and later be retrieved or reused by the agent.
The skill documents unbounded medium- and long-term memory plus automatic conversation saving, but does not describe retention, deletion, validation, or trust boundaries.
中期 | summaries/ | Token阈值/摘要 | 无限 ... 长期 | vector-store/ | 语义检索 | 无限 ... `session:end` → 自动保存对话
Add explicit controls for what is saved, review before promoting memories, retention limits, deletion/export commands, and warnings for sensitive conversations.
Users cannot verify how the advertised session-end auto-save hook works from the supplied artifacts.
The documentation claims a hook is included, but the provided manifest lists only SKILL.md, references/references.md, and scripts/memory_manager.py, so the claimed automatic hook implementation is absent from review.
已包含 `hooks/memory-manager-hook/` ... openclaw hooks enable memory-manager-hook
Include the hook files in the package and manifest, or remove the hook claim and clearly state that automatic session capture is not installed.