memory-mi
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill largely matches a memory framework but contains multiple inconsistencies and privacy risks (undeclared external API calls, coercive per-turn behavior, and file-read/write instructions) that you should review before installing.
This skill implements an on-disk queue and three scripts (search/add/daemon) that are intended to run every conversation turn and, importantly, call an external API using API_URL/API_TOKEN. However:
(1) the package metadata does not declare any required API credentials or endpoint — that mismatch is suspicious and means you must locate/configure the endpoint yourself before use;
(2) AGENTS.md explicitly instructs the agent to read many workspace files and to run memory steps every turn without asking, which can leak sensitive context if enabled;
(3) memory_list.py is referenced but missing from the bundle;
(4) the install script will copy AGENTS.md, SOUL.md and start.sh into your workspace (backed up if present), which is intrusive.

Before installing or enabling this skill:
- Do NOT run it in a production environment or with real users until you audit it.
- Inspect memory_add.py and memory_search.py and set API_URL to a safe, known endpoint (or leave it empty to prevent outbound calls). Prefer modifying the code to read API credentials from explicit environment variables and to fail closed if not set.
- Ensure the daemon's data directories (~/.openclaw/memory_queue and the skill data path) and log (~/.openclaw/memory_daemon.log) are acceptable and backed up if needed.
- Review xiugai/AGENTS.md and SOUL.md: they mandate automatic behavior and file reads; if you do not consent to that, do not copy these into your workspace or disable the automatic invocation of the skill.
- If you want similar functionality but safer defaults: change memory_add.py/memory_search.py to require and validate an explicit env var (e.g., MEMORY_MI_API_URL, MEMORY_MI_API_TOKEN), add explicit user confirmation before sending any personal data externally, and limit per-turn enforcement to opt-in.

If you are unsure, run the skill in an isolated sandbox, or decline to install it until the author clarifies the external API endpoint, credential handling, and the mandatory-per-turn behavior.
SkillSpector
SkillSpector findings are pending for this release.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
