Big Memory
v1.0.0Structured task snapshot and automatic post-compaction recovery. Captures exact code, decisions, file paths, and task state before context compaction and rec...
⭐ 0· 363·0 current·0 all-time
byVeselin Vasilev@obekt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description match what the SKILL.md instructs: capture structured snapshots to memory files and recover them after compaction using built-in memory tools (memory_search, memory_get, Read, Edit). No unrelated binaries or external services are required. Recommending an optional openclaw.json change to trigger structured captures is consistent with the goal.
Instruction Scope
Instructions explicitly tell the agent to capture exact code snippets, exact env var names/values (e.g., DATABASE_URL), absolute file paths, and to append them into persistent daily memory files. It also recommends enabling session transcript indexing. These instructions go beyond lightweight metadata capture and can cause sensitive secrets and full code/config to be stored and retained. The skill gives the agent broad discretion to read files and sessions and to write append-only logs — a clear data-exfiltration/privacy risk if misused or if memory files are accessible.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is downloaded or executed on install. This minimizes supply-chain risk. However, because it's purely instructions, static-scanner had nothing to analyze.
Credentials
The skill declares no required env vars or credentials, yet its templates expressly recommend recording exact environment variable values and other sensitive identifiers. It also suggests optionally using cloud embeddings (mentions 'openai') in examples without declaring that API keys would be needed. Asking the agent to persist env var values and absolute paths is disproportionate to a simple snapshot service and increases exposure of secrets.
Persistence & Privilege
The skill does not request 'always: true' and allows normal autonomous use. It does, however, recommend modifying global agent compaction/system prompts (openclaw.json) and optionally enabling session indexing — these changes increase the skill's effective persistence and the amount of data captured across sessions. The append-only retention policy also prolongs stored data lifetime.
What to consider before installing
This skill will routinely write detailed, append-only snapshots containing exact code snippets, file paths, and explicit environment variable names/values into your agent's memory files. Before installing or enabling automatic captures: (1) Confirm what 'Read' and memory file permissions allow in your environment — can these memory files be read by others or exported? (2) Avoid storing secret values (DATABASE_URL, API keys, passwords) in snapshots; prefer redaction or storing only safe identifiers. (3) Do not enable the suggested global systemPrompt change or session indexing unless you trust automatic captures — those settings cause the agent to capture more detailed context automatically. (4) Establish a retention and access policy (who can read memory/*.md, backups, encryption at rest). (5) If you must store sensitive state, prefer ephemeral or encrypted storage outside general memory files and require explicit user confirmation before any automatic snapshot. If you want a lower-risk test, use manual/user-initiated snapshots only and review written snapshots regularly.Like a lobster shell, security has layers — review code before you run it.
compactionvk979x6ngkwz14nwkx8fn5jnyrs81zgfacontextvk979x6ngkwz14nwkx8fn5jnyrs81zgfalatestvk979x6ngkwz14nwkx8fn5jnyrs81zgfamemoryvk979x6ngkwz14nwkx8fn5jnyrs81zgfarecoveryvk979x6ngkwz14nwkx8fn5jnyrs81zgfa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis