ClawHub

local-memory-skill

v1.0.1

Persistent local memory system for AI agents across conversations — file-based, zero external dependencies. Trigger when: (1) user asks to "remember" somethi...

2· 334·0 current·0 all-time
by@siyu-hu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the behavior: an instruction-only, file-based local memory system. It requires no binaries, secrets, or network access and only reads/writes under well-defined home-directory paths (~/.claude, ~/.openclaw, ~/.agent-memory), which is proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to check MEMORY.md at conversation start and to proactively write session content before context limits. That is consistent with a local memory skill, but 'proactively write important content' is subjective and relies on the agent to correctly identify what is safe to persist. The instructions include explicit 'Never write' rules for passwords/keys, which is good, but enforcement is left to runtime behavior (no automatic filtering or validation specified).
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing will be downloaded or written during install, so there is low installation risk.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The set of requested resources (local file paths under home) is appropriate for a local memory feature.
!
Persistence & Privilege
The skill creates persistent files in users' home directories but does not specify file permissions, owner, or any encryption/locking. Although it forbids storing secrets, there is no technical enforcement. Persistent, unencrypted files under the home directory may be accessible to other local users/processes or backups — assess local threat model and consider requiring the agent to set restrictive permissions or an optional encryption step.
Assessment
This skill appears to be what it says: a local, file-based persistent memory system that does not use network calls or require credentials. Before enabling it, consider: (1) It will read/write files under your home directory (~/.claude, ~/.openclaw, or ~/.agent-memory); review those files (MEMORY.md and per-memory .md) regularly. (2) The skill relies on the agent to avoid storing secrets — do not ask the agent to 'remember' passwords, API keys, or other sensitive data. (3) The SKILL.md does not require or set file permissions or encryption; if your environment has other users or backups, sensitive content in plain files could be exposed — consider restricting permissions (chmod 600) or using an encrypted store. (4) If you want tighter control, require explicit user confirmation before each write, disable autonomous invocation for this skill, or test it in an isolated account first. (5) If you need auditability, ask for a change that logs writes and exposes a way to purge or export memories securely.

Like a lobster shell, security has layers — review code before you run it.

latestvk9704qhkarkq4avqyrh3z5bjmd82s2f1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments