Openclaw Deeprecall

This skill appears to implement a legitimate two-tier memory and summarization system, but there are notable privacy and configuration mismatches you should consider before installing: - Credential access: The summarizer reads OpenClaw configuration files (e.g., ~/.openclaw/openclaw.json, /etc/openclaw/openclaw.json, workspace/openclaw.json) to obtain LLM provider baseUrl and apiKey. Even though the manifest does not declare required credentials, the code will try to read and use those API keys. If those files contain secrets you don't want shared with this skill, do not install or run it until you review or remove those keys. - Permanent storage: By default the tool stores raw session content in the L2 archive (memory.db) and the SKILL explicitly states those records are permanent and never deleted. If you have sensitive data in session .md files, disable raw storing (use --no-store-raw where possible), or ensure the DB is stored in an isolated location you control, or encrypt/remove L2 storage. - Cross-workspace access: Path detection searches parent directories and 'agents' structures and may find configs or memory directories belonging to other agents. Run this skill in an isolated workspace (or set OPENCLAW_WORKSPACE to a dedicated directory) and test with dry-run options first. - Test safely first: Use summarize --test-config and cleanup --dry-run to observe behavior. Consider setting deeprecall.summarizer.preferred_provider to a local/test provider or null to trigger rule-based extraction, and use --no-store-raw while testing. - Desired changes: Prefer that the skill explicitly declare it requires OpenClaw provider credentials (or require OPENCLAW_API_KEY env), and provide an option to disable L2 archiving permanently. If you cannot confirm those changes, treat installation as potentially exposing local OpenClaw credentials and persistent raw data.