Memory Dreaming

This skill is coherent with its stated goal (local memory + archiving), but review these before installing: - Expectation vs reality: The registry lists no required env vars, yet the summariser will need an OpenRouter/OpenAI API key (found via .env files or env vars). If you don't want transcripts leaving your host, do not set an external API key or configure the summariser to use a self-hosted model. - Data exfiltration risk: conversation-summarise sends chat transcripts to third-party APIs. It attempts to redact secrets using regex, but redaction is inherently imperfect — sensitive tokens, credentials, or PII could leak. If you must summarise externally, audit redactSecrets patterns for your environment or avoid external APIs. - File access: the archiver reads OpenClaw session stores (paths include relative and absolute locations). Run the scripts in an isolated workspace or with least privilege to avoid touching other agents' session data. - Prompt content: SKILL.md contains agent-oriented payloads and was flagged for 'system-prompt-override' patterns. Inspect SKILL.md and the cron payload examples to ensure nothing unintentionally overrides agent/system prompts when scheduled. - Practical steps: (1) Inspect the six scripts yourself; (2) Run archiving locally with sample transcripts first; (3) If you need summarisation, prefer a self-hosted LLM or supply a dedicated API key with limited scope; (4) Remove or sanitize any .env files you don't want scanned; (5) Keep backups of MEMORY.md and memory/archive before running decay/prune operations. Given the credential-metadata mismatch and the privacy-sensitive behavior (external LLM calls + regex redaction), treat this skill cautiously and verify configuration and code before enabling nightly automation.