记忆宫-彧哥版
v1.0.0激活并加载你的记忆数据,使 AI 以你的身份和方法论成为数字分身,与您个性化对话和继承知识。
⭐ 0· 104·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (a memory/identity loader) matches the runtime instructions: the skill tells the agent to read a 'memory/' folder, load core concept files, and optionally append new items. The metadata lists no credentials or binaries, which is reasonable for a file-based local memory tool. Minor inconsistency: the metadata did not declare any required config paths, yet SKILL.md expects a workspace-root .memory-path file or a memory/ folder — this is a documentation/metadata omission rather than functional mismatch.
Instruction Scope
SKILL.md instructs the agent to read from a local memory/ folder and suggests the agent can automatically write important conversation content back into memory/. Those read/write actions are within the stated purpose, but the instructions lack constraints: there is no specification of which files may be written, when writes must be approved, or size/format limits. The document does not instruct any network exfiltration or access to other system areas, but automatic writing by the agent is potentially impactful and should be authorized explicitly by the user.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to run. That minimizes install-time risk because nothing is downloaded or executed by the installer. The SKILL.md mentions ClawHub as an install convenience but provides a manual copy workflow — neither involves remote code execution in this package.
Credentials
The skill requests no environment variables, no credentials, and no privileged config paths. That is proportional to its file-based purpose. There are no declarations that would permit access to external APIs or cloud credentials.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The notable persistence risk is procedural: the skill encourages the agent to remember and optionally persist conversation-derived content into the user's memory/ directory. While this matches the skill goal, users should be aware this enables ongoing local state persistence and should control/approve any automatic write behavior.
Assessment
This skill is coherent for creating a local 'digital twin' by reading/writing a Markdown memory/ folder, but review and control are important before installing. Recommendations:
- Verify the skill source before installing (ClawHub slug vs. actual repository); the SKILL.md's 'Project homepage: GitHub' is generic—ask for the repo URL and inspect the code if available.
- Back up any sensitive data and avoid placing secrets (passwords, tokens, PII) in the memory/ folder.
- Prefer manual approval for any feature that writes to your filesystem; disable or require confirmation for automatic write-on-conversation behaviors until you trust the implementation.
- Limit file permissions on the memory/ directory so only the agent runtime can access it, and monitor writes.
- If you want stronger guarantees, request a code-level review (the package currently has no code files in the bundle) or ask the author to provide an auditable implementation and explicit write policies.
- If you are uncomfortable with an agent having filesystem write access, do not install or configure the skill to write automatically.Like a lobster shell, security has layers — review code before you run it.
latestvk976v61jqvc1c0czgs3ate87n183cmqy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.