ClawHub

Vector Memory Hack

v1.0.3

Fast semantic search for AI agent memory files using TF-IDF and SQLite. Enables instant context retrieval from MEMORY.md or any markdown documentation. Use when the agent needs to (1) Find relevant context before starting a task, (2) Search through large memory files efficiently, (3) Retrieve specific rules or decisions without reading entire files, (4) Enable semantic similarity search instead of keyword matching. Lightweight alternative to heavy embedding models - zero external dependencies, <10ms search time.

9· 2.8k·12 current·13 all-time
by@mig6671
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (local semantic search of MEMORY.md) aligns with the included Python script which parses a MEMORY.md, computes TF-IDF, and stores vectors in SQLite. However the package repeatedly claims "zero dependencies" while the script's top comment mentions scikit-learn (a non-stdlib dependency) — an internal inconsistency. The README and SKILL.md also advertise a CLI wrapper named 'vsearch' but that file is not present in the bundle.
!
Instruction Scope
Runtime instructions focus on parsing and searching MEMORY.md (appropriate), but they also explicitly instruct agents to extract sensitive items ('Server addresses and credentials') from the memory before acting. While that's within the stated purpose, it increases the risk surface because the skill will be used to read and surface whatever is stored in MEMORY.md (including secrets). The script defaults to a workspace path (/root/.openclaw/workspace/MEMORY.md) which means it can read agent workspace files without additional configuration.
Install Mechanism
There is no install spec (script is included and run directly), which minimizes supply-chain risk. Still, the code's own documentation claims scikit-learn while README/SKILL.md insist on 'stdlib only' — this discrepancy should be resolved before use (either the code imports scikit-learn or it doesn't). No network downloads or external install URLs are present in the provided files.
!
Credentials
The skill declares no required env vars or config paths, but the script hardcodes default paths under /root/.openclaw/workspace (MEMORY_PATH, VECTORS_DIR). That effectively requires read/write access to the agent workspace. No credentials are requested, which is appropriate, but the implicit access to workspace files means the skill can read any content placed in MEMORY.md — including secrets — without explicit declaration.
Persistence & Privilege
The skill does not request permanent inclusion (always:false) and does not attempt to modify other skills or system-wide settings. It will create a local vectors directory and an SQLite DB in VECTORS_DIR (normal for an indexer).
What to consider before installing
This skill appears to implement local TF-IDF search for an agent's MEMORY.md, but there are inconsistencies and privacy concerns you should address before installing: - Verify dependency claims: the code comments mention scikit-learn but the README and SKILL.md say "zero dependencies." Open the full scripts/vector_search.py and ensure it does not import non-stdlib packages; if it does, vendor or install those explicitly and review them. - Update default paths before running: change MEMORY_PATH and VECTORS_DIR in scripts/vector_search.py to point to a safe test file/directory. Don't run it against your real workspace until you confirm behavior. - Inspect MEMORY.md for secrets: because the tool is designed to surface items like server addresses and credentials, remove or rotate any secrets in MEMORY.md or restrict the file before using the skill. - Confirm absence of network I/O: scan the full script for imports like requests, urllib, socket, or subprocess calls that could transmit data. In the provided excerpts there are no obvious network calls, but review the rest of the file to be sure. - Note missing files/claims: README and SKILL.md mention a CLI wrapper 'vsearch' but that wrapper isn't included — if you rely on that, either create a safe wrapper or call the Python script directly. - Test in a sandbox: run the script in an isolated container or VM on a non-sensitive MEMORY.md to validate behavior and performance claims before integrating with agents. If you want, I can: 1) scan the remainder of scripts/vector_search.py for any network or obfuscated behavior, 2) produce a safe replacement wrapper that respects a configurable MEMORY_PATH, or 3) show exact edits to hardcoded paths and logging to make operation explicit and safer.

Like a lobster shell, security has layers — review code before you run it.

efficiencyvk9718z1g53z6g0z4webteymjz180k6relatestvk978zt06ps3jkh7swmaf4eb9ps80ks48lightweightvk9718z1g53z6g0z4webteymjz180k6rememoryvk9718z1g53z6g0z4webteymjz180k6researchvk9718z1g53z6g0z4webteymjz180k6resemanticvk9718z1g53z6g0z4webteymjz180k6resqlitevk9718z1g53z6g0z4webteymjz180k6retfidfvk9718z1g53z6g0z4webteymjz180k6re

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments