ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DreamMoon MemProcessor

Enables AI agents to grow organic personas through experience-driven memory with self-reflection and multi-layer persistent storage.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 155 · 0 current installs · 0 all-time installs
by@zfanmy
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The codebase implements a multi-layer memory + persona engine (L1-L4, persona APIs, embedding/FAISS storage), which aligns with the skill name/description. However some defaults and extras are unexpected for a drop-in OpenClaw skill: a hard-coded BASE_DIR default of /root/.openclaw, on-disk archive/markdown storage and FAISS vector index creation, and a ConfigSync that can load arbitrary JSON/YAML files. These are plausible for a standalone memory service but are heavier and more invasive than a minimal 'agent skill' that only needs to call an external API.
!
Instruction Scope
SKILL.md instructs to pip install requirements and run start-simple.py. The runtime code will create directories under BASE_DIR, write and delete files (L3/L4), initialize a SQLite DB, and expose an HTTP API. The example curl in README/SKILL.md uses port 9090 while config default is 8080 (inconsistency). There is no instruction to secure the API; routes shown do not perform authentication checks. ConfigSync can read an arbitrary config_path (JSON/YAML/directory) and will feed that into persona creation — this could lead to the service reading local files if misused. L1 deserializes with pickle, which can execute arbitrary code if given crafted data. These behaviors expand the runtime scope beyond a simple helper and could expose or persist sensitive data.
Install Mechanism
There is no install spec in the registry (instruction-only). The package includes a requirements.txt and many Python modules; installation is via pip install -r requirements.txt as instructed. Notable runtime dependencies are faiss/numpy/SQLAlchemy/fastapi which are expected for a local vector/indexing service. No downloads from untrusted URLs are present in the provided files. Because it's instruction-only, the installer will fetch these packages from PyPI (normal risk).
!
Credentials
The registry declares no required env vars, but the application uses a Settings object that reads .env and exposes many configuration options (REDIS_PASSWORD, API_KEY, REDIS_HOST, etc.). Defaults allow the service to run without credentials, but that means data will be stored on disk and served without authentication by default (ALLOWED_ORIGINS=['*'], API_KEY empty). Requests for env vars are not explicit in SKILL.md, so the implicit reliance on .env and filesystem config is disproportionate and should be made explicit.
!
Persistence & Privilege
The service persists files under BASE_DIR (default /root/.openclaw), creates a SQLite DB, writes FAISS indexes and tar.gz archives, and deletes original files when archiving. It therefore will create and modify persistent storage on the host. The skill is not marked always:true, but its default behavior will write data under a root-owned path and open an unauthenticated HTTP API (host default 0.0.0.0), increasing blast radius if run on a network-accessible host.
What to consider before installing
What to consider before installing/starting this skill: - The code implements a full local memory service (HTTP API, SQLite, markdown files, FAISS) and will create and modify files on disk. By default it writes under /root/.openclaw — review and change BASE_DIR before running if you don't want data in that path. - The HTTP API appears unauthenticated by default (ALLOWED_ORIGINS='*', API_KEY default empty) and the app binds to 0.0.0.0 by default; this can expose your data and endpoints to other machines. Do not run it on a network-exposed host without adding authentication and binding to localhost. - L1 uses Python pickle.loads when reading cached data. Pickle is unsafe for untrusted data because it can execute arbitrary code. Only run this service in a trusted environment and avoid feeding it untrusted serialized inputs. - ConfigSync can load arbitrary JSON/YAML files and will create personas from them; be careful not to point it to sensitive system files. Similarly, the service persists truncated content (e.g., L4 stores first 500 chars) which may include secrets — review retention/archival policies. - SKILL.md/README use different ports (9090 vs 8080) — double-check configuration before exposing the service. - Inspect requirements.txt and memory-manager.sh (not shown or truncated) before pip installing or running any startup scripts; FAISS and other binary packages can be heavy and may require special installation steps. Recommended actions: - Run in an isolated environment (VM, container) with controlled network access. - Change BASE_DIR to a non-root path you control and confirm permissions. - Set API_KEY and implement authentication or bind the service to localhost only. - Inspect memory-manager.sh and any omitted files for networking/backups before use. - If you prefer minimal risk, use a reviewed hosted memory API or a smaller, read-only instruction-only skill instead of running this code locally.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk976jvbf9538en5snvqhz2gkn582nk0g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

DreamMoon-MemProcessor

English: Pioneer in Empowering AI Agents with Independent and Complete Personas 中文: 为 AI Agent 赋予独立完整人格的引领者

Introduction | 简介

English: DreamMoon-MemProcessor is the first memory system to feature organic persona generation as a core capability.

Unlike traditional static character settings, it enables AI to:

  • 🌱 Grow naturally from experiences
  • 🔄 Self-evolve through reflection
  • ⚖️ Maintain stability while evolving

中文: DreamMoon-MemProcessor 是首个将有机人格生成作为核心能力的记忆系统。

不同于传统静态人设,它让 AI 能够:

  • 🌱 从经历中自然生长
  • 🔄 通过反思自我演进
  • ⚖️ 在变化中保持稳定

Core Features | 核心特色

🎭 Organic Persona Engine | 有机人格引擎

  • 10-dimensional persona model (Big Five + AI Traits) | 10维度人格模型(大五人格 + AI特质)
  • Experience-driven natural growth | 经历驱动的自然成长
  • Self-reflection and consistency maintenance | 自我反思与一致性维护

🧠 Four-Layer Memory Architecture | 四层记忆架构

  • L1 Hot → L2 Warm → L3 Cold → L4 Archive | L1 热存储 → L2 温存储 → L3 冷存储 → L4 归档
  • Automatic persistence and semantic search | 自动沉淀与语义搜索

Quick Start | 快速开始

# Install | 安装
pip install -r requirements.txt
python start-simple.py

# Generate Persona | 生成独立人格
curl -X POST http://localhost:9090/api/v1/persona/generate \
  -d '{"base_seed":"curious and friendly | 好奇友善","user_preferences":{"name":"AI Assistant | AI助手"}}'

About | 关于

Author | 作者: zfanmy & 梦月儿 (DreamMoon) 🌙 Philosophy | 理念: Empower every AI Agent with an independent and complete persona | 让每一个 AI Agent 都拥有独立完整的人格 Vision | 愿景: The path for AI to evolve from tools to companions | AI 从工具走向伙伴的必经之路

License | 许可证

MIT License - see LICENSE for details.

Let every AI Agent have an independent and complete persona 让每一个 AI Agent 都拥有独立完整的人格

Files

26 total
Select a file
Select a file to preview.

Comments

Loading comments…