ClawHub

memory-referee

v0.1.0

Memory hygiene and adjudication layer for OpenClaw agent workflows. Deduplicates entities, resolves naming conflicts, separates facts from goals from specula...

0· 66·0 current·0 all-time
by@honouralexwill
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (deduplication, classification, staleness, conflict detection, provenance) align with the included TypeScript modules (dedupe, classify, conflicts, staleness, schema, render, index). No unexpected external services, binaries, or credentials are requested.
Instruction Scope
SKILL.md and README describe in-memory adjudication of provided record arrays and a simple CLI/library API. The runtime instructions do not tell the agent to read unrelated system files, call external endpoints, or exfiltrate secrets. Note: the repository includes a CLAUDE.md with governance commands referring to a 'saturnday' tool and rules like 'Do NOT edit files directly' — these are developer/workflow instructions and are not invoked automatically by the skill at runtime; they do not change runtime behavior but are worth reviewing if you will modify the code.
Install Mechanism
There is no install spec for downloading or executing remote archives. The package is a normal node project (package.json, tsc build) with typical dev dependencies and a small runtime dependency (tsx). Nothing in the manifest points to fetching code from untrusted URLs or running opaque installers.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code does not reference process.env or other secret-bearing sources in the provided files. Credential and environment access are proportionate to the stated purpose (none required).
Persistence & Privilege
The skill does not request permanent inclusion (always: false) and contains no code that persists to external stores or modifies other skills. It runs in-process and returns adjudication output; the README explicitly states 'No persistence'. Autonomous invocation is allowed by platform default but is not combined here with broad privileges or credential access.
Assessment
This skill appears coherent and self-contained: it adjudicates an input array of memory records in-process and returns a report and structured JSON. Before installing, consider: 1) Review the included source (you already have it) or run the tests to verify behavior matches your expectations — classification, similarity threshold (0.8), and staleness TTL (30 days) are heuristic and may need tuning. 2) It does not persist data or contact external services by default, so secrets are not requested or used. 3) The repository contains developer governance notes (CLAUDE.md referencing a 'saturnday' tool) — these are developer workflow instructions and do not execute during normal runtime, but follow them only if you intend to modify the code. 4) For very large record sets (>100k), the README warns this is in-process only and not optimized for streaming; consider batching or an external pipeline for scale. If you want higher assurance, run the test suite (npm test), inspect the compiled dist files that will be executed, and optionally run a static scan for any changes before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk978r7t5qz5pax7vf4pk21smxh83qfzx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments