ClawHub

White Stone Memory

v1.1.0

Memory system with 5 categories - knowledge, projects, error log, daily review, and tasks. Load on demand to avoid memory pollution. 记忆系统 - 包含常识记忆、项目记忆、错题本、每...

0· 327·1 current·1 all-time
by@russellfei
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (a local memory system) matches the instructions to read/write markdown files and build optional vector indexes. However, the SKILL.md references external embedding services (Gemini API or local Ollama) without declaring required environment variables in the registry metadata, and it describes both auto-loaded global memories and on-demand project loads — this mix is reasonable for a memory system but the undeclared external credential is an inconsistency.
!
Instruction Scope
Instructions explicitly tell agents to auto-read files on startup (knowledge and errors) and to load error logs 'globally' for all Agents and Sub-Agents. That grants the skill/agent broad local-read scope across the designated memory directory. The SKILL.md also instructs use of external services (Gemini API or localhost Ollama) and shows curl to localhost:11434, which could cause network activity. There are minor path inconsistencies (directory examples use ~/.openclaw/... but init commands create memory/ in cwd). No explicit exfiltration endpoint is present, but the global auto-read behavior and optional remote API use increase privacy risk.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or written by an installer. This minimizes supply-chain risk.
!
Credentials
Registry metadata lists no required environment variables, yet the SKILL.md says enabling vector search requires a GEMINI_API_KEY or a local Ollama instance. The skill also instructs checking a localhost endpoint. The undeclared GEMINI_API_KEY and the expectation that agents will access local services are mismatches that should be clarified. Additionally, the skill's policy to auto-load 'error logs' globally could expose sensitive content stored in those files to all agents.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide installs or to modify other skills. However, its runtime rules demand that all agents/sub-agents load certain memory files on startup — this is a behavioral persistence (broad read access) rather than an installation privilege and could have a wide blast radius if sensitive data is present.
What to consider before installing
This skill is an instruction-only local memory system and is not inherently malicious, but several things warrant caution: - Clarify GEMINI_API_KEY: the SKILL.md references GEMINI_API_KEY for vector search, but the registry lists no required env vars. If you enable vector search, you would provide that key — only do so if you trust the key's scope and the embedding provider. Prefer the local Ollama option if you can run it in a controlled environment. - Watch global auto-load behavior: the skill requires agents to auto-load 'errors' and 'knowledge' at startup and to make error logs global to all agents/sub-agents. That means any content you put into those markdown files can be read by agents broadly. Do not store secrets or sensitive data in the memory directory. - Network activity: optional features invoke external services (Gemini API) or local endpoints (curl to localhost:11434). Understand and control network access before enabling vector search. - Path and usage discrepancies: SKILL.md shows both ~/.openclaw/workspace/memory/ and local relative paths (memory/...). Confirm where files will actually live and ensure directory permissions limit exposure. - Operational advice: if you want to try it, run in an isolated agent/workspace, inspect or create the memory directory yourself, and keep sensitive information out of memory files. Ask the author to update the registry metadata to declare GEMINI_API_KEY (or explicitly state that no external keys are required unless vector_search is enabled) and to clarify which paths are used and which agents will auto-load which files. Confidence is medium because the skill appears coherent as a local memory helper, but the undeclared env var references and broad auto-load instructions create meaningful privacy/consistency concerns that should be resolved before trusting it with real data.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧠 Clawdis
latestvk970048dxesqhxjadszczzf3eh827qp0
327downloads
0stars
2versions
Updated 1mo ago
v1.1.0
MIT-0
@russellfei
latest
Download

White Stone Memory / 白石记忆系统

Your personal memory system with 5 categories, loaded on demand.

Memory Categories / 记忆分类

1. Knowledge / 常识记忆

  • Path: memory/knowledge/common.md
  • Content: Work habits, logical thinking, product sense / 工作习惯、逻辑思维、产品意识
  • Loading: Auto-loaded on agent startup / Agent启动时自动读取

2. Projects / 项目记忆

  • Path: memory/projects/[project_name].md
  • Loading: Only when user explicitly mentions a project / 用户明确提及项目时加载
  • Do NOT load: Agents must not proactively read project memory to avoid pollution / 避免污染

3. Error Log / 错题本

  • Path: memory/errors/
  • Content: Past mistakes, lessons learned / 使用错误、经验总结
  • Loading: Auto-loaded by all Agents and Sub-Agents on startup / 所有Agent启动时加载

4. Daily Review / 每日回顾

  • Path: memory/diary/[date].md
  • Timing: Auto-created daily / 每天自动创建
  • Content: Work summary, insights to distill / 工作总结、待提炼内容

5. Tasks / 子任务追踪

  • Path: memory/tasks/[task_name].md
  • Content: Subagent task specs, config, progress / 任务规格、配置、进度
  • Loading: On demand when managing subagents / 管理 subagent 时按需加载

目录结构

~/.openclaw/workspace/memory/
├── knowledge/          # 常识记忆 (启动加载)
│   ├── common.md
│   └── reflection-log.md
├── projects/           # 项目记忆 (按需加载)
│   └── [项目名].md
├── errors/             # 错题本 (全局加载)
│   └── [类别].md
├── diary/              # 每日回顾 (日期命名)
│   └── YYYY-MM-DD.md
└── tasks/              # 子任务追踪 (subagent 任务)
    └── [任务名].md

Rules / 重要规则

  1. No proactive project reads — Only load project memory when user explicitly asks / 不主动读取项目记忆
  2. Error log is global — All Agents must load on startup / 错题本全局共享
  3. Knowledge loads at startup — Auto-read on agent init / 常识记忆启动加载
  4. Daily review is scheduled — Created daily, can be updated manually / 每日回顾定时创建
  5. Bilingual logging — ALL memory entries must be written in bilingual format (English + Chinese). Titles use EN / 中文, details include both languages. This applies regardless of which language the original context was in. / 所有记忆条目必须双语记录

使用方法

初始化

首次使用需要创建目录结构:

mkdir -p memory/knowledge memory/projects memory/errors memory/daily

常识记忆

# 读取
cat memory/knowledge/common.md

# 编辑
vim memory/knowledge/common.md

项目记忆

# 加载项目记忆(用户明确要求时)
cat memory/projects/[项目名].md

错题本

# 读取错题本
cat memory/errors/*.md

# 添加新错误
echo "## 新错误\n- 问题:...\n- 原因:...\n- 解决方案:..." >> memory/errors/general.md

每日回顾

# 创建今日回顾
echo "# $(date +%Y-%m-%d) 回顾" > memory/daily/$(date +%Y-%m-%d).md

向量搜索功能 (可选,需配置)

概述

在现有关键词搜索基础上,增加向量语义搜索能力。

开启方式

在配置文件中启用:

memory:
  vector_search:
    enabled: true

启用后的提示

⚠️ 开启向量搜索需要配置以下之一

选项说明
A. Gemini API提供 GEMINI_API_KEY 环境变量
B. 本地 Ollama确保运行 ollama run qwen3-embedding-0.6B

配置检查

# 检查 Ollama 是否运行
curl -s localhost:11434/api/tags

技术选型

组件推荐
EmbeddingGemini API 或 Ollama + qwen3-embedding-0.6B
向量库FAISS 或 LanceDB
索引HNSW (O(log n))

命令

/memory build-index   # 构建索引
/memory search "xxx"  # 搜索
/memory index-status  # 查看状态

注意

  • 默认关闭向量搜索
  • 启用后需配置 Gemini API Key 或本地 Ollama
  • 新增/修改文件后需重新索引

更新日志

  • 2026-02-28: 新增向量搜索功能设计

Comments

Loading comments...