MemoryBox

v2.0.0

Zero-dependency memory maintenance CLI for OpenClaw. Keeps MEMORY.md lean with 3-tier hierarchical organization. Works alongside Mem0, Supermemory, QMD — or standalone. Install once, forget about memory management.

⭐ 1· 1.9k·11 current·11 all-time

by@ramsbaby

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ramsbaby/openclaw-memorybox.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "MemoryBox" (ramsbaby/openclaw-memorybox) from ClawHub.
Skill page: https://clawhub.ai/ramsbaby/openclaw-memorybox
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-memorybox

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-memorybox

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The description promises a zero-dependency, file-only memory organizer. However, the SKILL.md provides an installation flow that clones a remote repository and installs a binary into /usr/local/bin (requires sudo). The registry metadata lists no homepage/source while SKILL.md points to a GitHub repo — an inconsistency. Needing system-wide install privileges is not obviously necessary for a purely file-organizing helper.

Instruction Scope

Instructions tell the agent/user to run shell commands that fetch code (git clone) and create a system symlink with sudo. The doc also tells users to add entries to AGENTS.md (agent config)—contradicting the claim 'never configs or plugins.' The runtime instructions therefore expand scope to network download, code execution, and config modification.

Install Mechanism

There is no formal install spec in the registry, but SKILL.md instructs cloning a GitHub repo and making a binary executable and a system symlink. This is effectively a download-and-install from an unpinned repository (no commit hash or release tag). Downloading and installing an executable from an arbitrary GitHub repo without verification is a moderate-to-high supply-chain risk.

Credentials

The skill declares no environment variables or credentials, which is proportionate. However, the install instructions require sudo to write to /usr/local/bin and ask to edit AGENTS.md — elevated privileges and modification of agent config are not declared and are disproportionate for a tool that claims only to rearrange files.

Persistence & Privilege

Although always:false and agent invocation defaults are normal, the instructions install a persistent system binary (writes to /usr/local/bin) and recommend modifying AGENTS.md. That grants lasting system presence and the ability to run code later; persistence is achieved by the user-install step rather than by metadata, so it should be considered a privilege escalation compared to an instruction-only skill.

What to consider before installing

This skill is 'suspicious' because the documentation asks you to clone and install an unpinned GitHub repo as a system binary and edit AGENTS.md — actions that require sudo and change agent config despite the claim it won't touch configs. Before installing: (1) Inspect the GitHub repository contents (preferably the source of bin/memorybox); ask for a specific commit hash or a signed release rather than cloning the repo head. (2) Avoid running the sudo ln -sf step until you trust the binary; consider installing locally (~/bin) or running the script in a sandbox/container. (3) Verify the maintainer identity and license, and search for issues or community feedback. (4) If you want to use the skill without installation, you can implement the file-organization steps yourself or request the maintainer provide a non-executable, auditable script. If you cannot review the code or don't trust the upstream, do not run the install commands with sudo.

Like a lobster shell, security has layers — review code before you run it.

latestvk975r562d21kkd8v2rtskq56vx80xcap

1.9kdownloads

1stars

1versions

Updated 1mo ago

v2.0.0

MIT-0

MemoryBox

Zero-dependency memory maintenance tool for OpenClaw agents.

What It Does

Prevents MEMORY.md bloat by organizing memory into 3 tiers:

Tier 1: MEMORY.md (≤10KB, loaded every session)
Tier 2: memory/domains/*.md (searched on-demand)
Tier 3: memory/archive/ (old daily logs)

Works alongside Mem0, Supermemory, QMD, or standalone. Only touches file structure — never configs or plugins.

Install

git clone https://github.com/Ramsbaby/openclaw-memorybox.git
cd openclaw-memorybox && chmod +x bin/memorybox
sudo ln -sf "$(pwd)/bin/memorybox" /usr/local/bin/memorybox

Usage

memorybox doctor ~/openclaw    # Full diagnostic (start here)
memorybox split ~/openclaw     # Interactive: move bloated sections to domain files
memorybox health ~/openclaw    # Quick health score (0-100)
memorybox archive ~/openclaw   # Archive old daily logs (14+ days)
memorybox dedupe ~/openclaw    # Find duplicate content
memorybox stale ~/openclaw     # Detect outdated content
memorybox analyze ~/openclaw   # Section-by-section size breakdown
memorybox suggest ~/openclaw   # Improvement recommendations
memorybox report ~/openclaw    # Before/after token savings
memorybox init ~/openclaw      # Set up 3-tier directory structure

Teach Your Agent

Add to AGENTS.md:

## Memory Protocol
- **MEMORY.md** (≤10KB): Core facts only. Loaded everywhere — keep it lean.
- **memory/domains/*.md**: Detailed reference. Use `memory_search` to find.
- **memory/archive/**: Old logs. Rarely needed.

MemoryBox

Install with OpenClaw

CLI Commands

MemoryBox

What It Does

Install

Usage

Teach Your Agent

Results

Links

Comments