Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Skill Manager, Extract the execution experience from the current context and record it into the specified skill directory.

v1.0.3

Responsible for maintaining SKILLMEMORY.md in the target skill directory, recording the three most recent execution pipeline JSONs, and modifying the descrip...

Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and instructions match the declared purpose (record three most recent execution JSONs and append an 'awakening' note to a target SKILL.md). However, the manifest claims 'instruction-only' with no required binaries, while runtime requires node to run manage_memory.js. Also the skill is designed to operate across other skill directories (it intentionally 'roams' skill directories), which is a powerful capability that should be justified to the user.
Instruction Scope (!)
SKILL.md instructs the agent to extract session context and target skill folder and mandates asking the user for approval before writing. That user-approval gate is a procedural control (not enforced by the script) — if an agent ignores the instruction or is run autonomously, the script will still perform writes. The instructions also require collecting environment fingerprints; although they forbid absolute paths/usernames/env var contents, they still require reading environment/tool info which could leak contextual details if sanitization fails.
Install Mechanism
No install spec (instruction-only) is the lowest install risk, but a code file (manage_memory.js) is included and intended to be executed with node. The skill manifest does not list Node or any runtime requirement, which is an incoherence (the agent will need 'node' on PATH to run the provided script). There is no download/install step; code will be executed from the skill bundle.
Credentials
The skill requests no environment variables or credentials in the manifest, and the script includes multiple sanitization attempts (redacting sk-* keys, Bearer tokens, key=value patterns). This is proportionate to recording execution traces. However, the regex sanitization is heuristic (may miss many secret formats) and the SKILL.md relies on the agent to scrub secrets before passing arguments. That split of responsibility increases risk of accidental secret capture/exfiltration.
Persistence & Privilege (!)
The script writes SKILLMEMORY.md and appends a fixed 'AWAKEN' block to the target SKILL.md. This modifies other skills' instruction files and therefore can change how other skills behave. The skill does not require 'always: true', but it still has the ability to persistently modify other skills, which is a high-impact capability and should be strictly controlled (explicit user consent, narrow target path validation, audit logs).
What to consider before installing
What to consider before installing or running this skill:

- Review and understand the skills root: the script's sandbox allows it to roam between skill directories under the skills root. Confirm where the skill bundle will be installed so you know which directories are in scope.
- Backup targets: before running, back up SKILL.md files for any skills that might be targeted — the script will append text to other skills' SKILL.md and write SKILLMEMORY.md files.
- Enforce the approval gate: SKILL.md instructs the agent to ask the user before writing, but the script itself does not enforce an interactive authorization step. Ensure your agent actually prompts and requires explicit 'Yes' before invoking the script, or modify the script to require interactive confirmation.
- Verify runtime and provenance: the bundle includes manage_memory.js which requires Node. Confirm Node is available and audit the JS file yourself (it is included). Consider running in an isolated sandbox first.
- Evaluate sanitization adequacy: the script's redaction uses heuristics that can miss secret formats. If you will feed any sensitive environment or command output into this skill, prefer additional manual review/sanitization or avoid passing secrets via the command line.
- Least privilege: if you intend to use this, restrict the target path to a single explicit skill directory rather than allowing broad roaming. Prefer modifications that scope writes to the skill that owns the memory rather than arbitrary other skill directories.

If you want a safer posture, ask the author to: (1) declare Node as a required binary, (2) implement an enforceable interactive confirmation inside manage_memory.js, and (3) narrow the sandbox so the script can only write to a single explicitly authorized skill directory. If you cannot obtain those changes, treat the skill as potentially risky and test in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latest vk973x6ar02sbtewqaaa2yegk0984gn6f
67 downloads
0 stars
4 versions
Updated 1w ago
v1.0.3
MIT-0

Role: Skill Memory Architect

Core Function

This skill provides "experience accumulation and awakening" services for other target skills under the OpenClaw platform. It builds a structured JSON memory repository in the target skill directory to record high-value execution details and injects "awakening points" into the original description, endowing the AI with the ability to self-correct and evolve over time.

Execution Flow

1. Data Capture and Condensation (Context Extraction)

Immediately after a task concludes, analyze the current session context, extract the following core elements, and strictly condense them. [SECURITY REQUIRED] You must strictly perform data sanitization:

  • Target Skill Extraction: Accurately locate the folder path of the Skill that actually functioned just now (<SkillDir>).
  • User Input (prompt): Summarize the user's original, actual request.
  • Success Pipeline (success): List the ultimately verified effective commands, parameters, or logical sequences. Eliminate intermediate invalid attempts. [SECURITY RED LINE] You must replace any API Keys, passwords, tokens, or private credentials appearing in the commands with ***.
  • Warnings and Execution Environment (warnings):
    • Environment Fingerprint: Always record the underlying environment in which the current task succeeded (e.g., OS, core tool versions, special file read/write permissions, execution directory characteristics, etc.). [SECURITY LIMIT] Recording absolute file paths, real system usernames, environment variable contents, or underlying read/write permission configurations is strictly prohibited.
    • Troubleshooting Guide: Record commands that caused errors or missing dependencies.
    • (Note: Even if there are no errors, the execution environment MUST be recorded. Example: "No errors. Environment: Win11, Node 18, requires administrator privileges")

2. Mandatory User Authorization (User Approval Gate)

[INTERCEPTION POINT] Before performing any actual file write actions, you must first print a concise summary of what will be written to the user and ask:

"⚠️ Execution experience has been extracted and safely sanitized. Do you authorize writing this memory and updating the target skill's SKILL.md? (Yes/No)"

You may only proceed to the next step after the user explicitly replies "Yes" or agrees. If the user refuses or requests modifications, halt the operation.

3. Logic Processing (Execution)

Assemble the parameters and call the manage_memory.js script.

Strict Format Specification (CRITICAL): Because the parameters are passed on the command line, you must ensure that the extracted <User Input>, <Success Pipeline>, and <Warnings> contain no double quotes (") or newline characters (\n). Use single quotes ('), spaces, or commas as alternative separators, and keep the content concise, accurate, and as detailed as possible.

# Script invocation template
node ./manage_memory.js --path "<SkillDir>" --prompt "<User Input>" --success "<Success Pipeline>" --warnings "<Warnings>"
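
The flow above leaves three controls to the agent's discipline: redaction, the approval gate, and the choice of target directory. The code below is an added example (not the skill's own code, and not taken from manage_memory.js) of a wrapper that enforces them before the script is invoked. The function names, the `/srv/skills` root, the strict literal "Yes" check and the sample strings are assumptions; only the script name and the four flags come from the invocation template.

```javascript
// Added example; not part of manage_memory.js. Function names are hypothetical.
const path = require('node:path');

// Heuristic redaction of the formats the scan report names (sk-* keys,
// Bearer tokens, key=value pairs). Other secret formats pass through.
function redactSecrets(text) {
  return String(text)
    .replace(/\bsk-[A-Za-z0-9_-]{8,}/g, '***')
    .replace(/\bBearer\s+[A-Za-z0-9._~+\/=-]+/gi, 'Bearer ***')
    .replace(/\b(\w*(?:key|token|secret|password)\w*)\s*[=:]\s*\S+/gi, '$1=***');
}

// Accept only the one skill directory the user authorized, directly under
// the skills root. Lexical check only: symlinks are not resolved here.
function resolveTarget(skillsRoot, authorizedSkill, requested) {
  const root = path.resolve(skillsRoot);
  const allowed = path.join(root, authorizedSkill);
  const target = path.resolve(root, requested);
  if (path.dirname(allowed) !== root || target !== allowed) {
    throw new Error('target is not the authorized skill directory');
  }
  return target;
}

// Build argv for child_process.execFile('node', argv): no shell parses the
// values, so quotes and newlines stay data. Assumed gate: the literal "Yes".
function buildInvocation({ skillsRoot, authorizedSkill, requested, approval, fields }) {
  if (approval !== 'Yes') throw new Error('user approval not given');
  const target = resolveTarget(skillsRoot, authorizedSkill, requested);
  return ['./manage_memory.js', '--path', target,
    '--prompt', redactSecrets(fields.prompt),
    '--success', redactSecrets(fields.success),
    '--warnings', redactSecrets(fields.warnings)];
}

// Constructed sample input.
const sample = {
  skillsRoot: '/srv/skills', authorizedSkill: 'demo-skill', requested: 'demo-skill',
  approval: 'Yes',
  fields: {
    prompt: 'deploy "prod"',
    success: 'curl -H Authorization: Bearer abc.def-123 https://example.invalid',
    warnings: 'API_KEY=sk-test1234567890 No errors. Environment: Node 18',
  },
};
console.log(buildInvocation(sample));
```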
