ClawHub

Memory Setup 1.0.0

v1.0.0

Enable and configure Moltbot/Clawdbot memory search for persistent context. Use when setting up memory, fixing "goldfish brain," or helping users configure m...

0· 362·22 current·25 all-time
by@gwsq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description align with the instructions: the SKILL.md describes enabling memorySearch, creating MEMORY.md and memory/ files, and configuring the agent. The operations and files it asks you to create/edit are coherent with a memory-setup task.
!
Instruction Scope
The instructions explicitly tell users/agents to edit ~/.clawdbot/clawdbot.json (or moltbot.json), workspace files, and to run 'clawdbot gateway restart'. They also reference runtime actions for agents (memory_search, memory_get). These are within scope, but the SKILL.md also mentions environment variables (VOYAGE_API_KEY, OPENAI_API_KEY) that are not declared in the skill metadata — the skill instructs the agent/user to set secrets without declaring them. That mismatch should be noted before granting access or following the instructions.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not download or write executables. That minimizes installation risk.
!
Credentials
The SKILL.md recommends setting VOYAGE_API_KEY and OPENAI_API_KEY (and suggests using a third-party 'voyage' provider) but the skill's metadata lists no required environment variables or primary credential. The instructions therefore expect secrets that the registry metadata doesn't declare. This is a transparency gap and increases risk because the skill may prompt you to create/store API keys for an external provider.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configs. It only instructs how to edit user config files and workspace files, which is expected for a setup guide. Autonomous invocation is allowed by default, but there is no indication this skill needs permanent elevated presence.
What to consider before installing
This skill appears to do what it says (configure persistent memory), but it references external API keys and edits config files without declaring those secrets in the metadata. Before following instructions or providing keys: 1) Verify what 'voyage' is (official site, privacy terms, where embeddings go). 2) Prefer the 'local' provider if you don't want data sent to third parties. 3) Do not paste API keys into shared files or public repos; store them in a secure place. 4) Back up ~/.clawdbot/clawdbot.json and workspace memory files before editing. 5) Be mindful that MEMORY.md and daily logs may contain sensitive data — assess privacy risk of indexing them. If you need higher assurance, ask the skill author for provenance of the 'voyage' provider and update the skill metadata to declare required env vars before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97emqsff4tkmar4qvsxv1197582ar11

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments