ClawHub

Long-Term Memory Manager

v1.0.0

Long-term memory management system for maintaining MEMORY.md, consolidating daily memories, and extracting key insights. Use when: (1) Consolidating daily me...

0· 114·0 current·0 all-time
by@shenmeng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description describe long-term memory consolidation and maintenance. The included script implements consolidation, extraction of facts/preferences/decisions, search, compression, and archiving under ~/.openclaw/workspace. The requested resources (none) and file operations are consistent with the documented purpose.
Instruction Scope
SKILL.md instructs the agent to run the local script with flags that operate only on files under ~/.openclaw/workspace (memory, MEMORY.md, .memory-archive). That scope matches the purpose. Important note: the script's extraction patterns explicitly look for markers like 'account'/'credential' and will add matched content into the Important Facts / MEMORY.md file unencrypted; this can unintentionally consolidate sensitive secrets if they appear in daily memory files.
Install Mechanism
No install spec; the skill is instruction + a local Python script. There are no downloads, package installs, or external binaries referenced. This is low-install risk and easy to audit.
Credentials
The skill requires no environment variables or external credentials (proportional). However, the script will parse and persist any matching text from user memory files (including lines that look like accounts/credentials). That behavior is functionally related to the skill but has privacy/security implications and should be considered by the user.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request elevated platform privileges or modify other skills. It persists data to files inside the user's ~/.openclaw/workspace, which is expected for this functionality.
Assessment
This skill appears to do what it says and does not contact external servers or request credentials, but it will aggregate any text in your daily memory files that matches its extraction patterns (including lines mentioning 'account' or 'credential') into a persistent MEMORY.md file. Before installing/running: (1) inspect the script yourself (it's included) and confirm regexes/behavior; (2) avoid putting real secrets in daily memory files or change the script to ignore credential-like lines; (3) run it on a copy/sandbox of your workspace first to observe outputs; (4) tighten filesystem permissions on ~/.openclaw/workspace or enable encryption/backups if MEMORY.md will contain sensitive material; (5) if you want to prevent accidental consolidation of secrets, modify or remove the 'account/credential' extraction rules in extract_facts_from_file.

Like a lobster shell, security has layers — review code before you run it.

latestvk9797dfw42jhrpa378tyrjdgk983p8mv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments