MemCore
v0.2.0Agent long-term memory system with five-layer architecture (Context/Task/User/Knowledge/Experience). Use when building agents that need persistent memory, ta...
⭐ 0· 98·1 current·1 all-time
bylaojun@laojun509
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (persistent multi-layer memory) matches the included code (episodic memory, triggers, semantic compression, forgetting curve, SQLite backend, vector knowledge). No unrelated credentials, binaries, or services are required by default.
Instruction Scope
Runtime docs and examples operate on local state and show creating a DB at ~/.memcore/memory.db, recording episodes, creating triggers, and optionally wiring an external embedding function. The instructions do not request unrelated files or environment variables, but they do instruct the agent to persist potentially sensitive user data to disk (SQLite) and to optionally call external embedding providers if the user supplies an embedding_fn.
Install Mechanism
No automated install spec is provided (instruction-only for pip installing numpy). The repository ships Python source files directly. There are no remote downloads or opaque install steps.
Credentials
The skill declares no required env vars or credentials. However the README/SKILL.md shows examples using an OpenAI embedding wrapper that would need an API key if used; that key would be provided by the user (not declared as required). Ensure you do not hardcode or commit API keys when following examples.
Persistence & Privilege
The library creates and writes to ~/.memcore/memory.db (SQLite) and stores user memories, triggers, and embeddings. This is expected for a memory system but means sensitive personal data is stored plaintext by default. The skill is not always:true and does not request elevated system privileges, but local persistence without encryption and optional use of external embedding services increases data-exposure risk.
Assessment
This package appears to implement what it claims: a local, persistent memory system. Before installing: 1) Inspect vector_knowledge.py (not fully shown) to confirm whether it performs any network calls or automatically sends data to external APIs; if you plan to use embeddings, avoid pasting API keys into source files — pass them at runtime or use secure storage. 2) Be aware the SQLite DB is created under ~/.memcore and will store any memories you record; if those memories include PII or secrets consider encrypting the DB or changing the storage path. 3) The source excerpts contain some truncated/typo'd lines in the listing (likely display truncation or code bugs) — run static checks and unit tests locally before using in production. 4) If you need to prevent any external communication, initialize MemCoreEnhanced without an embedding_fn and audit the VectorKnowledge backend to ensure it does not contact remote services by default.Like a lobster shell, security has layers — review code before you run it.
agentvk974mt3gtdkhazpc4nq0cnt4g984sxf7aivk974mt3gtdkhazpc4nq0cnt4g984sxf7confidencevk974mt3gtdkhazpc4nq0cnt4g984sxf7episodicvk974mt3gtdkhazpc4nq0cnt4g984sxf7latestvk974mt3gtdkhazpc4nq0cnt4g984sxf7llmvk974mt3gtdkhazpc4nq0cnt4g984sxf7memoryvk974mt3gtdkhazpc4nq0cnt4g984sxf7vectorvk974mt3gtdkhazpc4nq0cnt4g984sxf7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.