ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fpms Memory

v0.2.0

Cognitive memory engine — gives your AI persistent work tracking, proactive risk alerts, and cross-conversation continuity. Never lose track of projects again.

0· 105·0 current·0 all-time
by@jeff0052

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jeff0052/fpms-memory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Fpms Memory" (jeff0052/fpms-memory) from ClawHub.
Skill page: https://clawhub.ai/jeff0052/fpms-memory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install fpms-memory

ClawHub CLI

Package manager switcher

npx clawhub@latest install fpms-memory
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The claimed purpose — a local, Python-based memory/task engine — matches the requirement for python3 and a local binary named 'focalpoint'. However the SKILL.md and registry metadata use multiple package names (focalpoint, fpms, focalpoint/fpms on PyPI/GitHub) and a GitHub sync feature is listed without describing how GitHub auth is provided. These naming/auth mismatches are inconsistent with the stated purpose and should be clarified.
!
Instruction Scope
The runtime instructions tell the agent to add an MCP server entry and call a range of tools automatically (bootstrap on conversation start, append_log for decisions, update_status, and run 'heartbeat' every ~10 minutes). While these are coherent for a memory tool, the instructions also mandate continuous/periodic operations and automatic actions in 'EVERY conversation' — this could lead to frequent autonomous activity. The document does not describe whether those periodic heartbeats run entirely locally, whether they reach remote endpoints, or what data is transmitted during GitHub sync.
!
Install Mechanism
The registry's install spec uses 'uv' with package 'focalpoint', while the SKILL.md shows 'pip install focalpoint' and links to a PyPI page for 'fpms'. These inconsistencies (uv vs pip, focalpoint vs fpms vs fpms on PyPI) are red flags: the install mechanism is not clearly specified and could point to a poorly-documented or misconfigured package. No code files are bundled in the skill, so the installer will be the primary source of code — verify the upstream package before running it.
!
Credentials
The skill declares no required environment variables or credentials, yet advertises GitHub integration and auto-sync of issues. A GitHub sync normally requires a token or OAuth config; the absence of declared auth requirements is a mismatch. Either the feature is disabled by default, or the skill is omitting a needed credential requirement — this should be clarified before granting network or repo access.
Persistence & Privilege
The skill is not marked 'always:true' and is user-invocable, which is the expected default. However, the instructions push for automatic calls in every conversation and periodic heartbeat checks. Combined with the installation of a local MCP server binary, this gives the skill a persistent presence on the agent platform when enabled — reasonable for a memory tool but worth confirming (especially network behavior).
What to consider before installing
Do not install blindly. Before installing, verify the upstream package and provenance: check PyPI/GitHub for a package named 'focalpoint' (and reconcile the 'fpms' references), inspect the package source, and confirm what the 'focalpoint' binary does and whether it makes network calls. Ask the maintainer how GitHub sync authenticates (does it require a token? where to set it?) and what data is transmitted during 'heartbeat' and syncs. Prefer installing in a sandbox or VM and running the binary with network disabled until you confirm its behavior. If you rely on this skill for sensitive projects, require explicit documentation of authentication and a vetted release (signed GitHub release or well-known package on PyPI). If any of these points are unclear or the package is only available from an untrusted URL, treat the skill as unsafe to install.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧠 Clawdis
Binspython3

Install

uv
Bins: focalpoint
uv tool install focalpoint
latestvk9753fc7rfm4cbmqhaq2xkqj7d83c6q6
105downloads
0stars
2versions
Updated 1mo ago
v0.2.0
MIT-0
@jeff0052
latest
Download

FPMS — Focal Point Memory System

Your AI forgets everything between conversations. FPMS fixes that.

Not just memory — attention management. FPMS tracks your projects, detects stuck tasks, and loads the right context at the right time.

What You Get

  • Cross-conversation memory — Start Monday, continue Wednesday, review Friday
  • Structured work tracking — Projects → Tasks → Subtasks with status lifecycle
  • Proactive alerts — "Task X has been blocked for 3 days"
  • Smart context loading — Only loads what fits your token budget
  • GitHub sync — Issues auto-sync as FPMS nodes

How It's Different From Other Memory Tools

Mem0/ZepFPMS
Remembers conversationsYesYes (via prompt rules)
Tracks tasks & projectsNoYes
Alerts you about stuck workNoYes (heartbeat)
Manages token budgetNoYes (L0/L1/L2)
Parent-child task hierarchyNoYes
GitHub integrationNoYes

Other tools remember what was said. FPMS manages what needs to be done.

Setup

1. Install

pip install focalpoint

2. Add MCP server to openclaw.yaml

mcp_servers:
  fpms:
    command: focalpoint

3. Restart OpenClaw

That's it. 18 tools are now available in your conversations.

Use Cases

Project tracking

You: "Create a project for the product launch with 3 tasks"
(Next day)
You: "What's the launch status?"
AI:  "3 tasks: 1 done, 1 active, 1 blocked. The blocked task
      is waiting on design review — it's been 2 days."

Decision memory

You: "We're going with Stripe for payments"
(Two weeks later)
You: "Why did we pick Stripe?"
AI:  "You decided on March 15 — better API and lower international fees."

Risk detection

AI automatically runs heartbeat and finds:
  - Deploy task BLOCKED for 4 days
  - Docs update STALE — no activity for a week
  - Bug fix AT RISK — deadline is tomorrow

Available Tools (18)

ToolWhat it does
bootstrapLoad memory context (call at conversation start)
heartbeatScan for risks: blocked, stale, at-risk tasks
create_nodeCreate a project/task/goal
update_statusChange status (inbox/active/waiting/done/dropped)
append_logRecord decisions, progress, links
get_context_bundleGet token-budgeted context payload
search_nodesFind tasks by status, parent, source
get_nodeGet full details of a work item
shift_focusSwitch AI attention to a specific task
expand_contextSee parent, children, dependencies
update_fieldUpdate title, summary, deadline, etc.
attach_node / detach_nodeMove tasks in hierarchy
add_dependency / remove_dependencyManage task dependencies
unarchiveRestore completed/dropped tasks
set_persistentProtect tasks from auto-archive
get_assembly_traceDebug context assembly

Automatic Memory Rules

Follow these rules in EVERY conversation:

  1. Conversation start → Call bootstrap to load memory
  2. User mentions a task/project/goalcreate_node
  3. User makes a decisionappend_log to the relevant node
  4. Task progressesupdate_status
  5. Before conversation endsappend_log key takeaways
  6. Every ~10 minheartbeat to check for risks

Requirements

  • Python 3.10+
  • No external services — runs 100% locally on SQLite

Links

Comments

Loading comments...