🧠 EchoFadeMemory
v2.0.0Runs a thin long-term memory workflow on top of the echo-fade-memory service. Use proactively whenever an answer may depend on prior session context, durable...
⭐ 0· 154·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description describe a thin memory layer and the repository contains only lightweight helpers (store/recall/forget wrappers), a hook that injects a reminder, and docs. The files and the behavior (talking to a base URL for store/recall/forget) align with the stated purpose.
Instruction Scope
Runtime instructions and scripts only perform JSON POST/GET calls to the configured memory service endpoints and emit reminder text. The scripts read two specific OpenClaw config paths (/Users/system/.openclaw/openclaw.json and /home/node/.openclaw/openclaw.json) only to find a configured baseUrl; they do not read arbitrary files or exfiltrate local file contents. Note: store.sh accepts a file path string for image memories but does not itself upload file contents — it sends the path/metadata to the memory service.
Install Mechanism
There is no install spec; the package is instruction-only with small local scripts and a JS hook. Nothing is downloaded or extracted from an external URL, and no package managers are invoked.
Credentials
The skill declares no required environment variables or credentials. It honors an optional EFM_BASE_URL which can point to localhost or another HTTP endpoint. If EFM_BASE_URL is set to an external server, store/recall/forget operations will transmit queries and memory payloads to that endpoint — this is expected for a memory service but users should ensure the endpoint is trusted.
Persistence & Privilege
always:false and no privileged installs are requested. The OpenClaw hook injects a virtual bootstrap reminder (modifies event.context.bootstrapFiles) which is consistent with a hook behavior. The skill can be invoked autonomously by the agent (platform default) — this is normal but raises the usual autonomous-invocation considerations.
Assessment
This skill appears to do what it says: it posts queries and small JSON payloads to an echo-fade-memory HTTP service and injects a bootstrap reminder into OpenClaw. Before installing, confirm the memory service base URL is trusted (EFM_BASE_URL or local 127.0.0.1). Avoid pointing EFM_BASE_URL at unknown remote servers (that would allow memory contents and queries to be sent off-host). Note that scripts send file path strings for images but do not upload file contents themselves; review your memory service implementation if you want content uploaded. If you don't want automatic prompt injections, don't enable the hook or avoid enabling the activator/error-detector hooks. If you need higher assurance, run the health-check against a local instance, inspect the memory-service server code, or keep the service bound to localhost.Like a lobster shell, security has layers — review code before you run it.
latestvk979yz32a9ntndmy4mwtras5tn83bn1p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.