Auto Memory Distiller
v1.0.0
Automatically converts raw long conversations into structured, themed Markdown knowledge cards with source traceability, running incrementally and silently i...
by Peng Shu (@mashirops)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to be a local, silent distiller of long conversations — that capability matches the shipped script which reads session JSONL files and writes Markdown topics. However, the registry metadata lists no required environment variables or credentials while both SKILL.md and distiller.py require a GEMINI_API_KEY/GOOGLE_API_KEY. Also the metadata declares no required config paths but the code explicitly reads/writes ~/.openclaw/workspace and ~/.openclaw/agents/main/sessions. This mismatch between declared requirements and actual behavior is an incoherence.
Instruction Scope
The SKILL.md and script instruct the agent to read full conversation contents from ~/.openclaw/agents/main/sessions/*.jsonl, send those contents to the remote Gemini model for distillation, and write topic files including explicit filesystem pointers (file path + line ranges). Sending raw conversations to an external API (even with a redaction instruction) transmits potentially sensitive user data. The model-side redaction is not guaranteed to prevent exposure because the raw data is transmitted prior to any filtering.
Install Mechanism
This is an instruction-only skill with an included Python script; there is no install spec. The SKILL.md suggests installing google-genai and python-dotenv via pip, which is expected for the stated purpose. No third-party binary downloads or obscure URLs are used.
Credentials
The registry metadata declares no required env vars or primary credential, but both SKILL.md and distiller.py require GEMINI_API_KEY/GOOGLE_API_KEY (loaded from environment or ~/.openclaw/workspace/.env). Requesting a general cloud model API key is proportional to performing remote distillation, but the omission from declared requirements is misleading. Also SKILL.md suggests storing the key in the workspace .env file — that file may be world-readable depending on system permissions and increases risk if other local agents or processes can access it.
Persistence & Privilege
always:false (no forced inclusion) and the skill does not modify other skills. It is designed to run automatically (cron or heartbeat) and will create persistent artifacts (state.json, topic Markdown files) under ~/.openclaw/workspace; those artifacts include pointers to original session files which could make sensitive content easier to locate. Autonomous invocation is allowed by platform default — combine this with the data-exfiltration aspect when deciding whether to enable automatic runs.
What to consider before installing
Before installing or enabling this skill, consider the following:
- It will read your conversation logs from ~/.openclaw/agents/main/sessions/*.jsonl and send those conversations to Google's Gemini API for processing. Any secrets or personal data in those conversations will be transmitted to an external service even though the prompt instructs the model to redact secrets — that is not a guaranteed client-side safe filter.
- The registry metadata does not declare the GEMINI_API_KEY requirement or the config paths the code uses; treat that omission as a red flag and verify the behavior yourself.
- The script writes Markdown topic files and a state.json in ~/.openclaw/workspace/, and it embeds filesystem paths/line numbers pointing back to raw session files — this can make raw data easier to find and expose.
- Mitigations: (1) Run the script manually for testing rather than enabling automatic runs; (2) inspect the session JSONL files to ensure they contain no sensitive info before sending; (3) prefer using a dedicated, limited-scope API key and monitor its usage; (4) consider adding client-side redaction (remove/replace API keys, PII) before sending content to the model; (5) lock down file permissions on ~/.openclaw/workspace and the .env file; (6) if organizational policy forbids sending conversation contents to third-party models, do not enable this skill.
If you want help producing a safe wrapper that does client-side redaction or that runs in an isolated environment, I can assist with a patch or run strategy.
Like a lobster shell, security has layers — review code before you run it.
