ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Adam Framework

v1.0.1

5-layer persistent memory and coherence architecture for OpenClaw agents. Solves AI amnesia and within-session drift. Built and validated over 353 sessions o...

0· 212·0 current·0 all-time
by@strangeadvancedmarketing

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for strangeadvancedmarketing/adam-framework.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Adam Framework" (strangeadvancedmarketing/adam-framework) from ClawHub.
Skill page: https://clawhub.ai/strangeadvancedmarketing/adam-framework
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install adam-framework

ClawHub CLI

Package manager switcher

npx clawhub@latest install adam-framework
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims a local-first memory/coherence framework, which plausibly needs local scripts and an LLM key, but SKILL.md explicitly asks for multiple external API keys (NVIDIA Developer model key and a Gemini API key) and npm tooling. The registry metadata lists no required env vars or binaries — that's a clear mismatch. The presence of many utility scripts and a server component (mcp-server, SENTINEL templates, reconciliation scripts) is coherent with the described purpose, but the omission of declared requirements in the metadata is inconsistent and unexpected.
!
Instruction Scope
Runtime instructions (SKILL.md, AGENTS.md, docs) direct reading and writing of user vault files (BOOT_CONTEXT.md, CORE_MEMORY.md, session JSONL), running a periodic coherence_monitor, and performing a nightly reconciliation that calls out to Gemini. Those actions are within the framework's stated purpose, but they touch sensitive local state (session logs, vault files, gateway config) and the instructions provide an automated 'Path 2' install via pasting SETUP_AI.md into the agent — which would allow the agent to modify local files and install components autonomously. AGENTS.md simultaneously warns agents 'Never touch live vault files', which is contradictory with other parts that instruct copying scripts into the live Vault and running them.
!
Install Mechanism
The registry lists no install spec, but the bundle includes many executable scripts, Python tools, requirements.txt, and SENTINEL templates that are intended to be copied into the user's Vault and run. There is no packaged, vetted install delivery in the registry metadata — setup is driven by README/SETUP docs and agent-driven installation instructions. That increases risk because arbitrary repo files would be copied and run on the operator's machine without an auditable package/install step described in the registry.
!
Credentials
SKILL.md and docs request multiple credentials and tokens (LLM provider API key, NVIDIA Developer key, Gemini API key, OpenClaw gateway token, optional Telegram token, Firecrawl, etc.), yet the registry metadata declares no required env vars or primary credential. Requesting both a runtime LLM key and a separate 'Gemini' key for offline reconciliation is plausible for the design (using one model for runtime and another for nightly consolidation), but it's a material increase in secret exposure — and the metadata mismatch prevents the platform/user from seeing upfront what secrets are needed.
Persistence & Privilege
The skill does not set always:true and does not itself modify other skills in the metadata. However, its recommended setup deploys SENTINEL watchdog scripts that run periodically, copies tools into a user's Vault, and configures a sleep/reconcile cycle — giving it ongoing disk presence and recurring execution on the host. That persistence is consistent with its purpose but raises the usual operational-risk considerations (scripts that run regularly and write to BOOT_CONTEXT.md/session files).
What to consider before installing
Things to consider before installing or letting the agent 'auto-install': - Metadata vs reality: The registry lists no required env vars or binaries, but the SKILL.md and docs require an LLM API key (or specific NVIDIA Developer key), a Gemini API key, npm tooling, and will copy/run Python scripts — treat the registry omission as a red flag and expect to provide secrets. - Secrets exposure: You will be asked for at least one LLM API key and (per the docs) a Gemini API key. Only provide keys you control, and consider creating scoped/limited keys or ephemeral credentials where possible. Do not reuse high-privilege or long-lived master keys. - Review code first: The package contains scripts that read session JSONL logs and write to BOOT_CONTEXT.md and other Vault files; review SENTINEL templates, coherence_monitor.py, and reconcile_memory.py before running them. Prefer manual execution in a sandbox/VM first. - Avoid automatic 'paste-to-agent' installs: The 'Path 2 — Let your agent handle it' flow would let an agent modify your filesystem and install software. If you lack strong trusts or auditing, use the manual Path 1 and follow SETUP_HUMAN.md step-by-step instead. - Backup your Vault and configs: Before running any install, back up your Vault (CORE_MEMORY.md, SOUL.md, workspace/*) and openclaw config. If SENTINEL or reconcile runs write unexpected content, you can recover. - Limit network access where feasible: The design is 'local-first' but uses external reconciliation (Gemini). If you want strictly local operation, audit and disable reconcile steps that call external APIs. - Prefer least privilege: For Telegram/OpenClaw gateway tokens create dedicated tokens with narrow scopes and restrict network exposure. Monitor created files (reanchor_pending.json, BOOT_CONTEXT.md) for unexpected content. - What would reduce my concern: registry metadata that accurately lists required env vars and binaries, a published homepage or verified source, an install spec (package or signed release) instead of manual copy steps, and explicit notes about what network calls the nightly reconcile makes (endpoints, data sent).

Like a lobster shell, security has layers — review code before you run it.

latestvk977kqre403hpsdxbd1960rphn8362rm
212downloads
0stars
2versions
Updated 1d ago
v1.0.1
MIT-0
@strangeadvancedmarketing
latest
Download

Adam Framework

AI Amnesia — Solved. Within-Session Coherence Degradation — Solved.

The Adam Framework is a 5-layer persistent memory architecture for OpenClaw agents, developed over 8 months across 353 sessions on a live business by a non-coder running consumer hardware.

OpenClaw just got acquired by OpenAI. Your memory layer shouldn't be.

What It Solves

  • AI Amnesia — your agent wakes up blank every session, forcing you to re-explain context, projects, and goals that should already be known
  • Within-Session Drift — as a session accumulates context, the model's reasoning consistency quietly degrades before compaction triggers

The 5 Layers

LayerComponentWhat It Does
1Vault injection via SENTINELIdentity files loaded at every boot. Agent wakes up knowing who it is.
2memory-core pluginLive memory search mid-session via memory_search / memory_get tools
3Neural graph (nmem_context)Associative recall — 12,393 neurons, 40,532 synapses. Concepts link to concepts.
4Nightly reconciliationGemini merges daily logs into CORE_MEMORY.md while you sleep. Nothing lost.
5Coherence monitorScratchpad dropout detector — fires re-anchor before drift causes damage. 33 tests passing.

The Key Insight

The memory is in the files. The model is just the reader.

When the system was completely wiped and rebuilt from scratch, the agent came back online with full continuity — because the identity files survived. Swap the LLM, keep the Vault. Memory persists.

Setup

Two paths — pick one:

Path 1 — You do it yourself (30–60 min) Read SETUP_HUMAN.md. Plain English, no technical background assumed.

Path 2 — Let your agent handle it Paste SETUP_AI.md into your OpenClaw chat. It asks 8 questions and does the install itself.

Prerequisites

  • OpenClaw running with any model
  • Python 3.10+
  • npm install -g mcporter
  • NVIDIA Developer free tier API key (Kimi K2.5, 131K context, free)
  • Gemini API key (free) for nightly reconciliation

Links

Comments

Loading comments...