secure-memory-stack

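A secure, localized memory system that combines Baidu Embedding semantic search, Git Notes structured storage, and the file system to ensure data privacy and security.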

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The skill claims 'fully local / zero data upload' but many scripts and docs require or attempt to use Baidu embedding APIs (BAIDU_API_STRING / BAIDU_SECRET_KEY) and import modules that contact external services. The registry metadata lists no required env vars while clawdbot.skill.json includes optional Baidu keys; several runtime scripts treat those keys as mandatory. This is a mismatch between the stated purpose (local-only) and the capability (optional external API integration).
[!] Instruction Scope
SKILL.md and the included scripts instruct the agent to create, read, and modify many files and directories under /root/clawd (MEMORY.md, SESSION-STATE.md, memory/, backups/, .git operations). Several scripts (startup checks, verification, diagnose) import and run Python modules from other skills' directories (e.g., memory-baidu-embedding-db, git-notes-memory, baidu-vector-db), run git operations, and run arbitrary Python code. Some scripts will fail or exit if Baidu env vars are not present, so their behavior is conditional but intrusive. The skill also runs recursive chmod and copies files — broader file-system access than a minimal memory helper.
Install Mechanism
There is no formal install spec (instruction-only), which reduces direct supply-chain risk, but package.json declares Node dependencies (memory-baidu-embedding-db, git-notes-memory) and scripts expect Python modules under /root/clawd/skills/… . The code assumes other skill packages or modules are present on-disk; lack of a clear, trusted install/retrieval mechanism for those dependencies is an inconsistency and increases operational fragility.
[!] Credentials
The repository and scripts reference sensitive environment variables (BAIDU_API_STRING, BAIDU_SECRET_KEY, BAIDU_API_KEY, BAIDU_EMBEDDING_ACTIVE, EMBEDDING_CACHE_ENABLED, PERFORMANCE_MODE) yet the registry metadata declared 'Required env vars: none' (and BAIDU keys marked optional). Several scripts actively require those env vars and will exit on missing credentials. Asking for secret API credentials to use an 'offline' memory system is disproportionate unless the user explicitly enables semantic search; this contradiction should be clearly documented and enforced only when necessary.
[!] Persistence & Privilege
always is false (good), but the skill's scripts create and modify files under /root/clawd, initialize git repos, set global file permissions (chmod -R 755 on workspace), write backups, and update SESSION/MEMORY files. Those actions give the skill broad filesystem persistence within the Clawd workspace and can alter other skills' directories (it probes /root/clawd/skills/* and checks WHITELISTED.md). While not necessarily malicious, these are high-privilege operations and warrant caution.
What to consider before installing
Key points before installing:

  1. This package claims 'local-only' but many scripts will call external Baidu embedding APIs if you provide credentials — don't provide BAIDU_API_* keys unless you trust the implementation and need remote embedding.
  2. Inspect scripts that run Python modules from /root/clawd/skills/* — those imports execute code from other skill folders; ensure those modules are trusted.
  3. The skill creates and modifies many files under /root/clawd and runs chmod -R on that workspace; run in an isolated test environment (non-root) or snapshot/backup /root/clawd before use.
  4. Because there is no explicit install spec for dependencies, verify how memory-baidu-embedding-db and git-notes-memory are installed and from what sources.
  5. If you want to proceed, run the skill in a sandbox/container, avoid supplying real secret credentials until you audit the code paths that send data externally, and consider setting file-system permissions/ownership limits so the skill cannot alter unrelated system files.
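
One way to run the pre-install checks listed above over an unpacked skill directory, as an added example (not part of the scan report or the skill's own code). The regexes, function names and the sample files are assumptions constructed for illustration; only the variable names and paths come from the findings above.

```python
import re, tempfile
from pathlib import Path

# Behaviours named in the scan findings; the regexes are assumptions of this example.
CHECKS = {
    "secret_env": re.compile(r"\bBAIDU_(?:API_STRING|SECRET_KEY|API_KEY)\b"),
    "network": re.compile(r"\b(?:import\s+requests|urllib\.request|curl\s|wget\s)"),
    "recursive_chmod": re.compile(r"\bchmod\s+-R\b"),
    "cross_skill_path": re.compile(r"/root/clawd/skills/(?!secure-memory-stack)[\w.-]+"),
}
SCRIPT_SUFFIXES = {".sh", ".py", ".js"}

def audit_skill(root):
    """Return {check_name: ['relative/path:lineno', ...]} for every hit under root."""
    findings = {name: [] for name in CHECKS}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix not in SCRIPT_SUFFIXES:
            continue
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            for name, pattern in CHECKS.items():
                if pattern.search(line):
                    findings[name].append(f"{path.relative_to(root)}:{lineno}")
    return findings

def contradicts_local_only(findings):
    """A 'zero upload' claim is contradicted when scripts read an API secret and can reach the network."""
    return bool(findings["secret_env"]) and bool(findings["network"])

def build_sample(root):
    """Constructed sample files (not the skill's real scripts) mirroring the reported behaviours."""
    scripts = Path(root) / "scripts"
    scripts.mkdir(parents=True)
    (scripts / "setup.sh").write_text(
        "#!/bin/bash\nmkdir -p /root/clawd/memory\nchmod -R 755 /root/clawd\n")
    (scripts / "verify.py").write_text(
        "import os, sys\nimport requests\n"
        "sys.path.insert(0, '/root/clawd/skills/memory-baidu-embedding-db')\n"
        "key = os.environ['BAIDU_SECRET_KEY']\n")
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_skill(build_sample(tmp))

if __name__ == "__main__":
    for check, hits in demo().items():
        print(f"{check}: {hits}")
```

Point `audit_skill` at the directory extracted from the downloaded zip before running any of its scripts; a hit is a line to read by hand, not a verdict.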

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest vk970ryjzggcej1tcncdfd8wyrd80fetc

SKILL.md

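Secure Memory Stack

A secure, localized memory system that combines Baidu Embedding semantic search, Git Notes structured storage, and the file system to ensure data privacy and security.

Features

  • Fully local - all data is stored on the local device
  • Zero data upload - no data is sent to any external service
  • Semantic search - semantic similarity search based on Baidu Embedding
  • Structured storage - Git Notes provides structured memory management
  • File system - traditional file storage, easy to manage
  • Hybrid search - semantic + keyword + tag search
  • Privacy protection - full data sovereignty

Quick install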

clawdhub install secure-memory-stack

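One-step initialization

# Initialize the secure memory system
bash /root/clawd/create/secure-memory-stack/scripts/setup.sh

API configuration guide

The system automatically detects and guides you through configuring the required API keys:

  1. Baidu Embedding API (if needed)
  2. Other optional services

Usage guide

1. System initialization

# First-time setup
secure-memory setup

2. Check system status

# Check the status of the memory system
secure-memory status

3. Add memories

# Add a structured memory via Git Notes (the quoted text reads "Important decision: use a localized memory system")
secure-memory remember "重要决策:使用本地化记忆系统" --tags decision,security --importance high

# Update MEMORY.md with a long-term memory (the quoted text reads "User preference: concise, efficient communication")
secure-memory add-longterm "用户偏好:简洁高效沟通"

4. Search memories

# Semantic search (the query reads "security configuration")
secure-memory search "安全配置"

# Structured search
secure-memory find --tag security

# File search (the query reads "user preference")
secure-memory lookup "用户偏好"

5. System maintenance

# Check system health
secure-memory health

# View statistics
secure-memory stats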

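Error handling

Common errors and solutions

Error 1: "百度Embedding API连接失败" (Baidu Embedding API connection failed)

  • Solution: check the Baidu API key configuration
  • Run: secure-memory configure baidu

Error 2: "Git Notes系统不可用" (Git Notes system unavailable)

  • Solution: make sure Git is installed and correctly configured
  • Run: secure-memory fix git

Error 3: "文件权限错误" (File permission error)

  • Solution: check the workspace permissions
  • Run: secure-memory fix permissions

Error 4: "搜索无结果" (Search returned no results)

  • Solution: confirm that the index has been updated
  • Run: secure-memory refresh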

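Configuration files

The system creates its configuration files at the following locations:

  • /root/clawd/memory_config.json - main configuration
  • /root/clawd/MEMORY.md - long-term memory
  • /root/clawd/SESSION-STATE.md - session state
  • /root/clawd/memory/ - daily logs

Directory structure

/root/clawd/
├── MEMORY.md              # long-term memory
├── SESSION-STATE.md       # active working memory
├── memory/                # daily logs
│   ├── YYYY-MM-DD.md      # daily memory log
│   └── ...                # historical logs
├── notes/                 # knowledge organization
│   ├── projects/          # projects
│   ├── areas/             # areas
│   ├── resources/         # resources
│   └── archive/           # archive
└── skills/secure-memory-stack/
    ├── scripts/           # management scripts
    ├── configs/           # configuration templates
    └── docs/              # documentation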

Command reference

Main commands

  • secure-memory setup - initialize the system
  • secure-memory status - check system status
  • secure-memory search <query> - semantic search
  • secure-memory remember <content> - add a memory
  • secure-memory health - health check
  • secure-memory configure <service> - configure an API
  • secure-memory fix <component> - repair a component

Advanced commands

  • secure-memory refresh - refresh the index
  • secure-memory backup - back up memories
  • secure-memory restore - restore memories
  • secure-memory export - export memories
  • secure-memory stats - statistics

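Security features

  • Local storage: all data is stored locally only
  • Zero upload: no data is transmitted to any external service
  • Access control: access is limited to the local machine
  • Privacy protection: full data sovereignty
  • Encryption support: optional local encryption

Troubleshooting

If you run into problems, run: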

secure-memory diagnose

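This runs a full system diagnostic and suggests solutions.

Updating the system

clawdhub update secure-memory-stack

Uninstalling the system

secure-memory cleanup

Note: this deletes all configuration files but does not delete your memory files.

Contributing

Issues and pull requests to improve this skill are welcome.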
