ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Tree

v2.0.1

🌳 记忆树 — 周报自动生成,永久记忆标记,关键词搜索。说句话就能用。

0· 220·0 current·0 all-time
by@masongmx

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for masongmx/memory-tree.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Memory Tree" (masongmx/memory-tree) from ClawHub.
Skill page: https://clawhub.ai/masongmx/memory-tree
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install memory-tree

ClawHub CLI

Package manager switcher

npx clawhub@latest install memory-tree
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (weekly reports, search, permanent mark) match the shipped Python script which reads ~/.openclaw/workspace/MEMORY.md, builds reports, and writes under ~/.openclaw/workspace/memory-tree/data. However docs/README/SECURITY.md mention semantic backends (Ollama / cloud fallbacks) and 'zero-config' automatic behavior while the v2.0 script header states Ollama/cloud embedding was removed. This mismatch between docs and code is confusing and unexpected.
!
Instruction Scope
SKILL.md instructs running the included script for weekly/search/mark. The code reads and writes files under the user's OpenClaw workspace (~/.openclaw/... ) and reads openclaw.json to detect 'enabled channels' — behavior that is coherent for pushing reports to configured channels but expands scope beyond just local indexing/search. SECURITY.md states a 'setup' command will create cron jobs for daily/weekly tasks; that means the skill can persist scheduled actions on the user's account if the user runs setup. The SKILL.md itself does not make the cron/setup step explicit, which is scope-creep and a usability/safety concern.
Install Mechanism
This is an instruction-only skill with a single Python script and no install spec — nothing is downloaded or installed automatically by the skill bundle itself. That lowers install-time risk.
Credentials
The skill declares no required env vars or credentials. SECURITY.md (included) warns older versions or configurations may send content to cloud embedding APIs if ZHIPU_API_KEY or OPENAI_API_KEY are present. The current v2.0 script text shown does not reference cloud API keys, but the documentation's mixed messages mean a user should verify the exact code version and ensure no unintended cloud keys are present if they require strict locality.
!
Persistence & Privilege
The package can create user-level cron jobs (per SECURITY.md) when the 'setup' command is invoked; that grants persistent scheduled execution. While user-level cron is not a system-wide escalation, it is a non-trivial persistent presence and should only be enabled after reviewing the exact setup steps and crontab entries. The skill also reads/writes files under the user's workspace and openclaw.json, which is expected but noteworthy.
What to consider before installing
This skill appears to implement the advertised local weekly-report/search/mark features, but the documentation and security note contain inconsistencies about cloud fallbacks and automatic cron installation. Before installing: 1) Inspect scripts/memory_tree.py yourself (it is included) to confirm there are no network calls or reference to cloud API keys in the shipped version. 2) Check your environment for OPENAI/ZHIPU (or other cloud) API keys if you require strictly local operation — remove/unset them or run the script in an isolated environment. 3) If you don't want persistent scheduling, do not run the 'setup' command (or inspect the exact crontab entries the setup would create). 4) Backup ~/.openclaw/workspace and review openclaw.json (the skill will read it to detect channels). 5) If anything in the README/SECURITY.md doesn't match the actual code you see, treat that as a red flag and ask the author to clarify.

Like a lobster shell, security has layers — review code before you run it.

latestvk9731zq6rbmna7a46knj2d6ped83k8yc
220downloads
0stars
3versions
Updated 8h ago
v2.0.1
MIT-0
@masongmx
latest
Download

🌳 记忆树

让 OpenClaw 拥有人类般的记忆——记住重要的,忘记过期的。

核心功能

功能命令
生成周报python3 scripts/memory_tree.py weekly
搜索记忆python3 scripts/memory_tree.py search "关键词"
标记永久python3 scripts/memory_tree.py mark "标题"

一句话使用

  • 「生成周报」— 自动统计本周新记、遗忘、永久记忆
  • 「搜索记忆 关键词」— 本地关键词搜索
  • 「记住这个」— 标记为永久记忆 📌

特点

  • 零依赖:无需 Ollama,纯本地运行
  • 自动推送:周报自动检测已启用的渠道(飞书等)
  • 永久记忆:📌 标记永不衰减

安装

clawhub install memory-tree

License

MIT

Comments

Loading comments...