Self Learning Agent
v1.0.1Knowledge card memory system with semantic search. Agents wake up fresh each session but remember everything through atomic ~350-token cards with YAML frontm...
⭐ 0· 108·0 current·0 all-time
bySolomon Neas@solomonneas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description describe a knowledge-card memory system and the SKILL.md provides instructions to create and use such a filesystem-based memory (MEMORY.md, memory/cards, daily logs). There are no unexpected binaries, environment variables, or install steps required — this is coherent with its stated purpose.
Instruction Scope
Instructions are focused on creating, searching, and maintaining local card files and daily logs. However the guidance explicitly tells agents to capture 'infrastructure, people, or projects' and to include 'specific commands, paths, config values' in cards. That is within the purpose (detailed memory) but is broad and can cause sensitive data (credentials, IPs, personal info) to be persisted by default. The SKILL.md also references a 'memory_search' semantic search step without providing implementation details, so it assumes the host platform provides embeddings/search infrastructure.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing will be downloaded or written by the skill itself during install — lowest-risk installation footprint.
Credentials
The skill requests no environment variables or credentials, which is proportional. But its capture rules encourage saving detailed config values and personal context into files; this increases the chance sensitive credentials or PII are stored in plaintext. The skill itself doesn't request or exfiltrate secrets, but it creates conditions where secrets might be written to disk.
Persistence & Privilege
always:false and default invocation settings. The skill does not request permanent system-wide privileges, nor does it instruct modifying other skills or global config. It only describes creating and reading files within a workspace memory directory.
Assessment
This skill is coherent for adding a local file-based memory system; it does not require credentials or install external code. Before installing, consider the following: (1) Sensitive-data risk — the instructions encourage saving commands, paths, config values, and human context (emails, job info). Decide a policy for what may be captured and avoid storing secrets (API keys, passwords, private keys) in cards or logs. (2) File permissions and encryption — restrict memory/ and MEMORY.md to appropriate filesystem permissions (e.g., chmod 700) and consider encrypting the directory or using a secure vault for secrets. (3) Automatic capture — disable or narrow automatic capture rules (e.g., avoid auto-saving infrastructure details or human PII) until you confirm behavior. (4) Semantic search backend — SKILL.md assumes a 'memory_search' embedding/search capability; verify your agent platform performs embeddings/search locally (or uses a trusted provider) and that embeddings/content are not sent to an external untrusted service. (5) Testing — try the system in a sandbox workspace with non-sensitive data first. If you need, add an allowlist/denylist for categories (e.g., block 'security', 'human' categories from auto-capture) or require manual confirmation before writing cards.Like a lobster shell, security has layers — review code before you run it.
latestvk9756x661grgehbrvrjacnzdrh839aj8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.