Lingxi-MindVault - Auto Memory Extraction for OpenClaw
v1.1.15自动记忆提炼 & 写入飞书知识库。定时扫描 OpenClaw 会话文件,自动提炼有价值的记忆,写入飞书多维表格/云文档知识库。
⭐ 3· 181·0 current·0 all-time
byLingxi(灵曦)@liuxiaolong1988
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill claims to extract memories from local OpenClaw sessions and write to Feishu; the included scripts explicitly read session files, call the openclaw agent, and instruct the agent to write to Feishu L2/L3/L4—this is coherent with the stated purpose. NOTE: registry metadata at the top of the package (in the provided summary) said “Required env vars: none”, while skill.json and SKILL.md list required environment variables (FEISHU_USER_OPEN_ID, L2_APP_TOKEN, L2_TABLE_ID, L3_DOC_ID, L4_DOC_ID). That metadata mismatch is an inconsistency that should be resolved before trusting the registry entry.
Instruction Scope
The runtime instructions and scripts stay within the stated scope: they scan the OpenClaw sessions directory, filter sessions, invoke an OpenClaw agent to perform extraction, and rely on agent/tooling to write into Feishu. This behavior matches the description. Important privacy note: the scripts read entire session files and place session contents (via the prompt) into the agent call—so all conversation text can be processed and transmitted to the agent and then to Feishu. That is expected for the feature but is a sensitive operation and requires explicit user consent.
Install Mechanism
There is no automated install spec — the skill is instruction + shell scripts only. No external downloads or archives are used. The README suggests optional system packages (inotify-tools, jq) but those are not pulled automatically by the skill; this is low-risk compared to remote installs. Confirm those packages yourself if you use file-watching features.
Credentials
The environment variables required in SKILL.md and skill.json (FEISHU_USER_OPEN_ID, L2_APP_TOKEN, L2_TABLE_ID, L3_DOC_ID, L4_DOC_ID) are appropriate and proportionate for a skill that writes to a user's Feishu workspace. However, the registry metadata at the top of the supplied bundle incorrectly listed no required env vars, creating an inconsistency. Also note that L2_APP_TOKEN and app/doc IDs are sensitive and grant access to write to your Feishu resources — only supply credentials/IDs for accounts you control and trust.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges. It writes state to its own workspace paths (/root/.openclaw/workspace and memory/.extracted_sessions), uses /tmp for temporary files and locks, and spawns background processes via cron/cron-like scheduling. Those are expected for a background extraction tool. Ensure workspace permissions are limited, as the skill will write extracted_session markers and temporary files to disk.
Assessment
This skill is functionally consistent with its description, but it will read your full OpenClaw session files and send their contents to the OpenClaw agent, which will then write extracted results into Feishu — so only install if you are willing to have your chat contents processed and stored in your Feishu workspace. Before installing: (1) resolve the metadata inconsistency (the registry summary claimed no required env vars, but the package requires FEISHU_* and L2/L3/L4 IDs); (2) review and replace any example Feishu IDs in .env with your own credentials and keep .env out of version control; (3) run the scripts in an isolated/test environment first (or on non-sensitive sessions) to confirm behavior; (4) limit filesystem permissions for the workspace and .env so only the intended user can read them; (5) if you have high-security or sensitive conversations, do not enable this skill or ensure the target Feishu space is appropriately access-controlled. If you want greater assurance, ask the author to: publish a homepage/repo, sign or publish a canonical release, and clarify the registry metadata to list required env vars and external dependencies (inotify-tools/jq) clearly.Like a lobster shell, security has layers — review code before you run it.
automationvk978wajdd7e9g86b5mz3fxmsbs83hk56feishuvk978wajdd7e9g86b5mz3fxmsbs83hk56larkvk978wajdd7e9g86b5mz3fxmsbs83hk56latestvk972xgm6tz1ztt9dmq51a3w7rh83hwf8memoryvk978wajdd7e9g86b5mz3fxmsbs83hk56openclawvk978wajdd7e9g86b5mz3fxmsbs83hk56
License
MIT-0
Free to use, modify, and redistribute. No attribution required.