Session Sync Detect
v0.1.0自动检测用户话语中跨会话内容,询问并经用户确认后检索共享记忆文件及活跃会话历史同步信息。
⭐ 1· 72·0 current·0 all-time
by@guoquan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is described as detecting cross-session references and, after user confirmation, searching memory files and recent sessions and optionally writing findings to shared memory. The manifest (_meta.json) declares capabilities readSessionHistory, searchMemoryFiles, writeMemoryFiles and optional paths (~/.openclaw/workspace/memory/*.md, ~/.openclaw/workspace/MEMORY.md) that match the stated purpose. It requests no unrelated environment variables or binaries.
Instruction Scope
SKILL.md and index.js explicitly instruct searching local memory files (grep ~/.openclaw/workspace/memory/) and calling sessions_list/sessions_history APIs. These actions are within the skill's scope, and the documentation emphasizes user confirmation before reads/writes. Note: the JS stubs hasContextForTimeReference/isCurrentPlatform/hasRelevantContext currently always return false which will cause the detector to trigger inquiries frequently — this is a behavioral/UX issue (causing many prompts) rather than silent exfiltration, but it increases the number of times the skill will ask to read histories or files.
Install Mechanism
There is no install spec (instruction-only skill with included source), so nothing will be downloaded or installed at runtime by the skill. The package.json is standard and there are no external download URLs or installer scripts to fetch arbitrary code.
Credentials
The skill requires no environment variables, no secrets, and no system config paths beyond optional memory file paths that are directly relevant to its function. The declared read/write capabilities map to the documented behavior. No unrelated credentials or high-privilege paths are requested.
Persistence & Privilege
The skill is not marked always:true and does not request permanent elevated privileges. It declares the ability to write memory files which is appropriate for a memory-sync skill, and the SKILL.md and _meta.json state that user confirmation is required before writes. Nothing in the files indicates it will modify other skills or agent-wide settings.
Assessment
This skill appears coherent: it looks for cross-session cues, asks the user, then (with permission) searches memory files and session history and can write findings back into shared memory. Before installing: (1) note the author/source is unknown — consider reviewing index.js yourself or with a trusted developer; (2) be prepared for frequent prompts because several detection helpers are unimplemented and default to triggering; (3) only grant it write permission to your shared memory if you trust it — back up MEMORY.md and your memory folder first; (4) watch for any unexpected file reads/writes the first few times you approve syncs; (5) if you need stricter privacy, request that the detection logic be improved so it doesn't trigger unnecessarily and confirm that writes redact sensitive items as documented.Like a lobster shell, security has layers — review code before you run it.
latestvk97f2jaxg7ec232jsx804hkm2s83pxzg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.