多用户隔离型长期记忆 Multi-user Long Term Memory
v1.0.0为多个用户创建和管理独立的长期记忆文件,记录偏好和上下文并按用户名隔离存储。
⭐ 2· 1.7k·16 current·16 all-time
by宁伟@kadbbz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description describe per-user long-term memory. The code and SKILL.md implement exactly that: extracting a username from sender_id (part before '|'), and reading/writing per-username .md files under the skill's users/ directory. No unrelated env vars, binaries, or network access are requested.
Instruction Scope
Instructions and code operate only on workspace-local files (users/*.md) and expose get/save/append/init APIs and a CLI. This stays within the stated purpose. Important note: memories are stored as plaintext Markdown in the workspace, so sensitive information will be written to disk unencrypted and accessible to anyone with filesystem access to the workspace.
Install Mechanism
No install spec; this is instruction-plus-reference-code only. The code uses only built-in Node.js modules (fs, path). No downloads, package installs, or external installers are present.
Credentials
The skill requires no environment variables, no credentials, and no config paths beyond its own workspace. The requested (absent) privileges are proportionate to the stated functionality.
Persistence & Privilege
The skill does persist data to the agent workspace (users/*.md) which is expected for a memory skill. It does not request always:true or elevated privileges. Ensure workspace file permissions and retention policies are acceptable because stored memories persist on disk.
Assessment
This skill appears to do what it says: it creates and manages per-user Markdown files in the skill's users/ directory. Before installing, consider: 1) Privacy: memories are stored as plaintext under the workspace — do not allow the skill to store sensitive secrets (passwords, tokens, PII) unless you accept plaintext storage. 2) Access control: any user or process with read access to the workspace can read these files; restrict filesystem permissions accordingly. 3) Retention and cleanup: decide a retention policy and how to purge old memories. 4) Username mapping: the skill extracts the username as the part before '|' and sanitizes characters; verify this matches your platform's sender_id format to avoid accidental collisions or shared memory between distinct users. 5) If you need stronger guarantees, modify the code to encrypt stored data or store memory in a secured secret store. If any of these concerns are unacceptable, do not enable the skill or run it only in a trusted, isolated workspace.Like a lobster shell, security has layers — review code before you run it.
latestvk97e1z6sec5760pzqg94mkvtes832hmf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.