ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evermemos

v1.0.0

集成 EverMemOS 记忆系统。用于存储对话记忆、检索历史、构建长期记忆。当用户说"记住"、"存储记忆"、"查询记忆"、"关于...的记忆"时使用此技能。

0· 152·0 current·0 all-time
by@shtrend
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md's behavior (storing and retrieving long-term memories via an EverMemOS server) is coherent with the skill's name/description. However, the registry declares no required environment variables or credentials while the runtime instructions explicitly require EVERMEMOS_URL and mention EVERMEMOS_API_KEY; that metadata mismatch is inconsistent and reduces transparency.
!
Instruction Scope
Instructions are largely within the stated memory integration scope (examples for curl, Python client, Docker compose). But the skill prescribes automatic triggers to persist conversation summaries and user preferences without describing privacy controls, retention, or filtering of sensitive data. It also suggests running docker-compose from a GitHub repo and docker exec into MongoDB (including credential placeholders), which requires operational caution. No explicit guidance is provided to avoid storing secrets or PII.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself. The docs point to a GitHub repo for deploying EverMemOS (reasonable), but the skill asks the user to run docker-compose manually — that is an operational step rather than an automated install within the skill.
!
Credentials
Runtime docs require EVERMEMOS_URL and optionally EVERMEMOS_API_KEY and note an LLM API is needed, but the registry lists no required env vars or primary credential. That mismatch is problematic: sensitive credentials (API keys, LLM keys) are implicated by the instructions but not declared in metadata. The skill’s examples do not consistently show authentication headers (some curl examples omit an API key), leaving ambiguity about how secrets will be used or transmitted.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation settings. However, because it defines automatic memory triggers (store on conversation end, user intro, task completion, preferences), autonomous invocation combined with automatic persistent storage increases the risk of unintended retention of sensitive data. The skill does not request elevated system privileges or modify other skills' configuration.
What to consider before installing
This skill appears to implement a long-term memory integration, but there are important inconsistencies and privacy considerations you should address before installing: - Metadata mismatch: the registry lists no required env vars, but SKILL.md requires EVERMEMOS_URL and mentions EVERMEMOS_API_KEY (and an LLM API). Ask the publisher to update the skill metadata to declare those env vars and any other credentials. - Privacy & data retention: the skill auto-stores conversation summaries and user preferences. Decide whether you want the agent to persist this data; if not, disable autonomous invocation for the skill or remove automatic triggers. Ensure you understand retention, access controls, and how to purge stored memories. - Authentication & transmission: examples are inconsistent about including API keys in requests. Verify how EVERMEMOS_API_KEY is used (HTTP header? query param?) and ensure TLS and proper auth are enforced on the EverMemOS server. Avoid pointing EVERMEMOS_URL at a remote service you don't control unless you trust it. - Deployment safety: run EverMemOS in an isolated/test environment first. The SKILL.md points to a GitHub repo — review that repo's code and releases before deployment. When using docker exec / mongosh commands, supply secure credentials and avoid exposing DB ports publicly. - Sensitive data: configure filters so the agent does not store passwords, tokens, financial data, or other secrets. Consider encrypting stored memories and limiting who/what can query them. - Source provenance: the skill lists no homepage and the owner is unknown; prefer skills with clear authorship or verify the referenced GitHub repo and maintainer. If you want to proceed: (1) deploy EverMemOS locally or on a trusted host, (2) restrict EVERMEMOS_URL to that host, (3) set and store EVERMEMOS_API_KEY securely, (4) test with non-sensitive data, and (5) request that the skill metadata be corrected to list required environment variables and any credential scopes.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cah9m4s1n4k0kpemnegmapd82zw8b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

EverMemOS 记忆技能

集成 EverMemOS 生产级 AI 记忆系统,让 AI 具有长期记忆能力。

📝 配置说明:使用前需要配置 EverMemOS 服务器地址和 API Key

快速配置

1. 安装 EverMemOS 服务器

参考官方文档:https://github.com/evermemos/EverMemOS

2. 配置技能

在环境中设置以下变量:

  • EVERMEMOS_URL - EverMemOS API 地址 (默认: http://localhost:1995)
  • EVERMEMOS_API_KEY - API Key (如需要)

3. Docker 快速启动

# 启动所有服务
cd EverMemOS
docker-compose up -d

# 确认服务运行
docker ps | grep memsys

记忆存储

1. 基本存储 (单条消息)

curl -X POST ${EVERMEMOS_URL}/api/v1/memories \
  -H "Content-Type: application/json" \
  -d '{
    "message_id": "msg_001",
    "content": "用户今天学习了AI部署",
    "sender": "user",
    "create_time": "2026-03-16T06:00:00Z",
    "scene": "assistant"
  }'

2. Python 存储函数

import os
import requests
from datetime import datetime

EVERMEMOS_URL = os.getenv("EVERMEMOS_URL", "http://localhost:1995")

def store_memory(content, sender="user", user_id="default"):
    """存储记忆到 EverMemOS"""
    data = {
        "message_id": f"msg_{int(datetime.now().timestamp()*1000)}",
        "content": content,
        "sender": sender,
        "user_id": user_id,
        "create_time": datetime.utcnow().isoformat() + "Z",
        "scene": "assistant"
    }
    resp = requests.post(f"{EVERMEMOS_URL}/api/v1/memories", json=data)
    return resp.json()

# 使用示例
store_memory("用户部署了EverMemOS记忆系统", "user")

3. 自动存储要点

def save_conversation_summary(messages):
    """从对话中提取关键点并存储"""
    for msg in messages:
        if is_important(msg):  # 判断是否为关键信息
            store_memory(
                content=msg["content"],
                sender=msg["sender"],
                metadata={"type": "conversation_summary"}
            )

记忆检索

1. 获取历史记忆

# 按用户ID获取
curl "${EVERMEMOS_URL}/api/v1/memories?user_id=user_001&limit=10"

2. 语义搜索

curl -X POST ${EVERMEMOS_URL}/api/v1/memories/retrieve \
  -H "Content-Type: application/json" \
  -d '{
    "query": "关于部署的记忆",
    "user_id": "user_001",
    "retrieve_method": {
      "method": "semantic",
      "top_k": 5
    }
  }'

3. 检索方法选择

方法适用场景示例
keyword精确查找查找"部署"相关记忆
vector语义搜索查找"AI助手相关"记忆
hybrid综合需求结合关键词和语义
agentic复杂推理LLM 引导多轮检索

记忆类型

类型用途示例
EPISODIC_MEMORY对话事件"用户学会了部署AI"
PROFILE用户画像"用户喜欢简洁界面"
FORESIGHT未来计划"用户打算学习LangChain"
EVENT_LOG原子事实"用户部署了MongoDB"

常用命令

服务管理

# 查看 API 状态
curl ${EVERMEMOS_URL}/health

# 查看已存储记忆数量 (服务器上)
docker exec memsys-mongodb mongosh -u <username> -p <password> --authenticationDatabase admin memsys --quiet --eval 'db.episodic_memories.countDocuments()'

触发关键词

当用户说以下内容时,自动使用此技能:

  • "记住..." / "存储记忆" / "保存这个"
  • "记得之前..." / "之前说过..."
  • "查询记忆" / "搜索记忆"
  • "关于...的记忆"
  • "我之前让你做过什么"
  • "我的偏好是..."

自动记忆触发

在以下时机自动存储记忆:

  1. 对话结束 - 提取关键要点
  2. 用户自我介绍 - 存储用户信息
  3. 任务完成 - 记录完成内容
  4. 用户偏好表达 - 记住偏好设置

完整示例

import os
import requests
import time
from datetime import datetime

class EverMemOS:
    def __init__(self, url=None, user_id="default"):
        self.base_url = url or os.getenv("EVERMEMOS_URL", "http://localhost:1995")
        self.user_id = user_id
    
    def store(self, content, sender="user"):
        """存储记忆"""
        return requests.post(
            f"{self.base_url}/api/v1/memories",
            json={
                "message_id": f"msg_{int(time.time()*1000)}",
                "content": content,
                "sender": sender,
                "user_id": self.user_id,
                "create_time": datetime.utcnow().isoformat() + "Z",
                "scene": "assistant"
            }
        ).json()
    
    def recall(self, query, top_k=5):
        """检索记忆"""
        return requests.post(
            f"{self.base_url}/api/v1/memories/retrieve",
            json={
                "query": query,
                "user_id": self.user_id,
                "retrieve_method": {"method": "hybrid", "top_k": top_k}
            }
        ).json()
    
    def get_all(self, limit=20):
        """获取所有记忆"""
        return requests.get(
            f"{self.base_url}/api/v1/memories",
            params={"user_id": self.user_id, "limit": limit}
        ).json()

# 使用
memory = EverMemOS(user_id="user_001")

# 存储
memory.store("用户部署了EverMemOS")

# 检索
results = memory.recall("关于部署的记忆")
for r in results.get("memories", []):
    print(r["content"])

注意事项

  1. 首次配置 - 需要先部署 EverMemOS 服务器
  2. 边界检测 - 系统自动检测对话边界触发记忆提取
  3. LLM 依赖 - 完整功能需要可访问的 LLM API

故障排除

问题解决方案
API 无法访问检查服务器状态,确认端口
记忆未提取检查 LLM API 是否可用
查询返回空确认 user_id 正确

作者: OpenClaw Community
版本: 1.0.0
最后更新: 2026-03-16

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…