ClawHub

Synthetic Supermemory

v2.1.0

Full automated memory pipeline for OpenClaw agents. Scribe session transcripts into structured daily memory files, ingest them into Supermemory for semantic...

0· 83·0 current·0 all-time
by@kitsune
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (scribe transcripts → create daily memory files → ingest into Supermemory → recall/search) matches the included scripts (scribe.js, ingest.js, recall.js, add.js, search.js). Requested binaries (node) and primary credential (SUPERMEMORY_API_KEY) are appropriate for the stated functionality. One minor mismatch: SKILL metadata declares OPENAI_API_KEY as the second required env var but the code also supports ANTHROPIC_API_KEY; ANTHROPIC_API_KEY is not listed in requires.env.
Instruction Scope
Instructions and scripts legitimately read OpenClaw session transcripts (~/.openclaw/agents/.../sessions/*.jsonl), summarize them via an external LLM (OpenAI or Anthropic), write local daily memory files, and upload/index content to Supermemory. This does mean session contents (which may include secrets/PII) are sent to external services — the SKILL.md includes a privacy notice. The scripts do not appear to read unrelated system credentials or hidden endpoints beyond OpenAI/Anthropic and Supermemory.
Install Mechanism
There is no packaged install spec (instruction-only), which keeps surface area low. However, SKILL.md instructs running `npm install` in the skill directory while the registry metadata does not declare dependencies and the skill bundle does not include a package.json. The scripts require the 'supermemory' npm module but that dependency is not declared in the package bundle — the user will need to install dependencies manually. This is an operational inconsistency (not a direct malicious indicator) but worth attention before running.
Credentials
The two required credentials (SUPERMEMORY_API_KEY and an LLM API key) are proportionate to the task. PrimaryEnv is correctly set to SUPERMEMORY_API_KEY. Minor documentation inconsistency: scripts accept ANTHROPIC_API_KEY as an alternative, but ANTHROPIC_API_KEY is not listed under required env vars in the metadata.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It writes state files (.scribe-state.json, .ingest-state.json) into the scripts directory and writes memory files where the user specifies — this is expected for the feature. The agent can invoke the skill autonomously (platform default), which is appropriate for an automated memory pipeline.
Assessment
This skill appears to do what it says: it reads OpenClaw session transcripts, summarizes them via an external LLM, writes local memory files, and indexes them in Supermemory. Before installing, consider: - Privacy: session contents (potentially including secrets or PII) will be sent to OpenAI/Anthropic and to Supermemory. Use a low-privilege LLM key with spend limits and avoid including sensitive sessions in the scribed directories. - Secrets handling: follow the SKILL.md advice to store keys securely (not in crontab); verify your crontab lines do not leak secrets in process lists or logs. - Dependencies: the scripts require the 'supermemory' npm package but the bundle has no package.json; you will likely need to install required npm modules yourself. Inspect package source and run npm install in a controlled environment before scheduling cron jobs. - Configuration: point --memory-dir and --agents-dir to only the directories you intend to index; do not point ingest to broad system directories to avoid accidental ingestion of sensitive files. - Minor documentation mismatches: the skill supports ANTHROPIC_API_KEY but the metadata does not list it — set that env if you plan to use Anthropic. Confirm the Supermemory endpoint (api.supermemory.ai) and validate the client library provenance. If you accept these trade-offs and install dependencies manually after inspecting package sources, the skill is coherent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk979dbhe7zxy317jsyzb11z77583jp7h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binsnode
EnvSUPERMEMORY_API_KEY, OPENAI_API_KEY
Primary envSUPERMEMORY_API_KEY

Comments