Smart Memory

This skill is coherent with its stated purpose (local JSON memory) but has privacy and small-declaration issues you should consider before installing: - Review the scripts before use. They run locally, but they expect 'jq' and other standard Unix tools; the registry metadata did not declare 'jq' as required. Install jq or confirm availability. - Be cautious about storing secrets. The skill explicitly suggests storing API keys and server addresses drawn from conversations. If you enable this, treat the memory directory like sensitive storage: restrict filesystem permissions, consider encrypting the directory, or disable storing credentials. - The stats/report command prints the first ~60 characters of memory values. That can leak secret fragments — remove or modify that output if you care about privacy. - Soft-delete keeps items in archive for 30 days. If you need immediate, irreversible deletion for sensitive items, test 'purge' and confirm behavior meets your policy. - Follow principle of least privilege: set OPENCLAW_MEMORY_DIR to a controlled location, verify file permissions, and run 'memory-manager.sh init' manually to inspect created files. Consider disabling automatic inference/storage until you have explicit consent rules implemented. If you want a green light: have the author declare 'jq' as a required binary, remove value snippets from reports or mask them, add explicit opt-in for storing credentials, shorten retention for sensitive items or add encryption, and re-run a review.