Automated daily memory backfill for OpenClaw sessions
v1.0.1
Scrape and analyze OpenClaw JSONL session logs to reconstruct and backfill agent memory files. Use when: (1) Memory appears incomplete after model switches, (2) Verifying memory coverage, (3) Reconstructing lost memory, (4) Automated daily memory sync via cron/heartbeat. Supports simple extraction and LLM-based narrative summaries with automatic secret sanitization.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to read OpenClaw session logs and produce memory files; the code references ~/.openclaw/agents/.../sessions and ~/.openclaw/workspace/memory, which is coherent. It also supports optional external LLM backends (OpenAI/Anthropic) and an OpenClaw backend — that capability is expected for summarization. Minor mismatch: registry metadata lists no required environment variables, but SKILL.md documents optional API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY) for some backends, so the metadata understates the credentials required if you choose those backends.
Instruction Scope
SKILL.md and the code instruct the agent to read users' session logs and memory directories (highly sensitive data) and optionally send content to LLM backends for summarization. The README promises 'redaction at every stage' but the instructions also permit using external APIs (openai/anthropic) that would receive unredacted or partially redacted content unless you verify sanitization order. The SKILL.md grants broad discretion for daily automated runs (cron) and preserving/passing existing notes to the LLM, which increases the chance of sending sensitive content off-host. Instructions also reference writing logs to ~/.memory-sync/cron.log — normal but note it may contain sensitive filenames/operation traces.
Install Mechanism
No install spec is provided (instruction-only), which is lower risk. The SKILL.md notes pip installing click and optionally openai/anthropic packages; that is expected for a Python CLI. There are no external archive downloads or custom binary installs specified.
Credentials
Registry metadata declares no required env vars, but SKILL.md documents optional use of OPENAI_API_KEY and ANTHROPIC_API_KEY when selecting those backends. The shipping code contains a long list of sensitive environment variable names and many secret-detection regexes (used for sanitization) — appropriate for redaction but also an indicator the tool will scan for many secret types. Because the skill can be configured to call external APIs, API keys would be necessary for those modes; the registry metadata should have reflected that. Requesting or using unrelated credentials is not observed, but the mismatch is important.
Persistence & Privilege
always:false (default) so it is not force-included. Model invocation is allowed (default) which is normal. The skill is intended for scheduled (cron) use. Because it reads and writes user session and memory files, granting it regular/automated access raises sensitivity concerns: an autonomously-invoked skill that posts summaries to external backends increases exfiltration risk. No evidence it alters other skills or global agent config.
Scan Findings in Context
[pre-scan-injection:none] expected: Static pre-scan reported no injection signals. That absence is not proof of safety; the package includes a 90KB Python script that must be reviewed for network I/O and exact sanitization ordering before trusting it on sensitive logs.
What to consider before installing
This tool legitimately needs access to your OpenClaw session JSONL and memory directories to do its job, and it includes extensive secret-detection patterns to redact sensitive data — but redaction claims alone do not guarantee safety. Before installing or scheduling it:
1) Review memory_sync.py (search for any network calls, hardcoded endpoints, or functions that send data to remote hosts).
2) Run in dry-run mode on non-sensitive test data and verify that SECRET_PATTERNS actually redact secrets before any network operations.
3) If you plan to use external summarization backends (openai/anthropic), be explicit about the API key you supply and understand that data will leave your machine; prefer the 'openclaw' backend if you trust your configured model.
4) Backup memory files first and test --preserve/--force behaviors so you don't overwrite user notes.
5) Consider running it in a restricted environment (container or isolated user) and restrict cron ownership/permissions.
6) Ask the publisher for a homepage, source repo, or reproducible build; absence of a source/homepage reduces transparency.
If you cannot review the code yourself, treat this skill as high-risk for sensitive accounts and data.
Like a lobster shell, security has layers — review code before you run it.
