hawk-memory-v2

This package mostly matches a local memory manager, but there are multiple documentation vs runtime mismatches you should consider before installing: - Documentation claims 'zero external dependencies' and 'no API Key', yet SKILL.md instructs 'pip install lancedb' and shows optional use of OPENAI_API_KEY / MINIMAX_API_KEY for embeddings. Treat provider API keys as required for full functionality and avoid supplying keys unless you trust the code. - The skill reads and writes local memory directories (e.g., ~/.openclaw/memory and memory/.hawk/*.jsonl) and can import all .md files it finds. Audit those paths and ensure they do not contain sensitive data you don't want processed or stored by the skill. - The HawkContext autoCapture/autoRecall behavior will inject stored memories into LLM prompts and auto-save extracted memories at context exit. If you enable network-based providers, conversation content may be sent to those provider endpoints. Review the code (extractor, vector_retriever, wrapper) for exactly where network calls happen before passing credentials. - There is no registry-declared requirement for env vars, so you could accidentally expose credentials by following examples. If you test, run in an isolated environment (container or VM) and avoid setting real API keys until you audit the code. - Recommended next steps: inspect the included scripts/install.sh and the hawk/*.py files for HTTP requests, telemetry, or unexpected endpoints; run the package in a sandbox; consider using local-only modes (keyword/extractor, file-backed JSONL) if you need offline operation. Given the inconsistencies and the package's ability to read files and send data to external providers, proceed with caution and verify the code before granting credentials or using it with sensitive data.