中文 PKM 记忆系统
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent local PKM memory helper, but saved content may persist and the underlying local services are not included in the reviewed package.
Before installing, confirm that you trust the local PKM API and Qdrant services this skill will contact. Treat remembered facts, session logs, and vector memories as persistent data, and avoid storing secrets or sensitive personal information unless you have a clear way to inspect and delete it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could store or retrieve personal memory content through the local PKM API when the skill is used.
The skill documents raw localhost API calls that can add to or retrieve from the memory system. This is expected for the stated PKM purpose, but users should ensure the agent only sends intended content.
curl -X POST http://127.0.0.1:8001/ingest ... curl -X POST http://127.0.0.1:8001/retrieve
Use the skill only with a trusted local PKM service, and review sensitive content before asking the agent to remember it.
The reviewed skill does not show malicious behavior, but your actual privacy and safety depend on the separate local services it contacts.
The skill relies on local PKM/Qdrant services, but the package is instruction-only and does not include or install those services. The behavior of those local services is therefore outside the reviewed artifacts.
curl -s http://localhost:7334/collections
Confirm what is running on localhost ports 8001 and 7334 before using the skill, and verify those services’ own security and retention settings.
Incorrect, sensitive, or outdated memories may be retained and later reused by the agent.
The skill explicitly supports adding persistent facts, logs, sessions, events, and vector memories. Persistent memory is central to the purpose, but stored content may influence future responses.
"添加事实" | 添加持久事实 | L3
Store only information you want retained, and maintain a way to review, correct, and delete memories.
If this layer is implemented by the local PKM service, memory content could potentially be shared or reused beyond a single private session.
The architecture mentions a collective memory and agent network layer, but the artifacts do not define its identity, sharing, or permission boundaries. No concrete inter-agent implementation is included.
L6 — NEBULA └─ 集体记忆、代理网络
Clarify whether the Nebula/collective-memory layer is active and whether any stored information is shared with other agents or users.