Memory Tiering
v1.0.0Automated multi-tiered memory management (HOT, WARM, COLD). Use this skill to organize, prune, and archive context during memory operations or compactions.
⭐ 6· 12k·119 current·126 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the SKILL.md: it is a memory tiering/pruning tool that reads HOT/WARM/COLD memory and daily logs. However, the skill declares no config paths or provenance (homepage/source unknown) while instructing access to specific memory files (e.g., memory/hot/HOT_MEMORY.md, memory/warm/WARM_MEMORY.md, MEMORY.md, memory/YYYY-MM-DD.md). That mismatch (no declared config paths but explicit file paths in instructions) is worth noting.
Instruction Scope
Runtime instructions tell the agent to read all three tiers and recent daily logs and to prune/aggregate COLD content. They also instruct dealing with 'credentials in HOT' (pointing them to root files instead of storing raw secrets). These are destructive/modifying operations (prune, move, remove granular details) and they implicitly touch secrets; the guidance is vague about conditions, safeguards, or backups. This grants the agent broad discretion over internal data and could lead to unintended data loss or exposure if misapplied.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk by the skill itself.
Credentials
The skill requires no environment variables or credentials, which is consistent with being instruction-only. However, it explicitly references 'credentials in HOT' and instructs actions around them without declaring how those credentials are provided or protected. That gap (handling secrets without declared config/paths or safeguards) is concerning.
Persistence & Privilege
always is false and there is no install. The skill can be invoked autonomously (disable-model-invocation is false), which is platform-default; combined with the instruction to run after /compact, this could cause automatic pruning unless you restrict triggers.
What to consider before installing
This skill appears to implement what it claims, but exercise caution before installing or enabling it. Specific recommendations:
- Confirm where your agent stores the 'memory/' files referenced in the SKILL.md and review their contents for secrets or important data. Back them up before running this skill.
- The SKILL.md instructs pruning and deleting granular data; test the workflow on non-sensitive data first and require explicit confirmation before any irreversible pruning.
- Because it mentions 'credentials in HOT' but declares no config paths or credential variables, verify how your agent stores credentials and ensure the skill will not transform or delete raw secrets unintentionally.
- Prevent or review automatic triggers (it says it runs after /compact) until you trust its behavior.
- The skill has no homepage or source and the owner is unknown—lack of provenance increases risk. Prefer skills with clear source code or documentation.
If you want to proceed, ask the skill author for: an explicit list of file paths it will read/modify, a dry-run mode that shows proposed changes without applying them, and a documented backup/rollback procedure.Like a lobster shell, security has layers — review code before you run it.
latestvk973acnfas8c9ezjpr0q72k08h80sj9z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.