ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Harness

Runtime-enforced memory harness for OpenClaw. Implements 3-stage recall (session preflight, triggered recall, pre-execution gate) with intent classification,...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 18 · 0 current installs · 0 all-time installs
by@taka3693
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (3-stage recall, intent classification, entity detection, memory compression, pre-execution gate) matches the included scripts. However, the code does not integrate with any memory backend or external store — targeted-recall returns placeholder items and there are no APIs, DB connections, or credential requirements. SKILL.md asserts fetching 'pinned facts', 'active project', etc., but the implementation only simulates those behaviors. This is an internal inconsistency (promised capabilities are not implemented).
Instruction Scope
SKILL.md and the scripts instruct only local processing (intent detection, recall decision, compression, logging). The harness runs other local scripts via node child processes but does not read unrelated system files, environment variables, or send data to external endpoints. That scope is appropriate for a memory harness template. However, SKILL.md's phrase 'runs automatically at the right times - NOT relying on SKILL.md text alone' implies autonomous runtime behavior; combined with missing backend integration, this could mislead users about what the skill will actually retrieve.
Install Mechanism
No install spec is provided (instruction-only install), and there are no downloads or external packages fetched. The skill includes plain JS files that will run on a Node runtime. No high-risk install mechanism (no arbitrary URL downloads or external package installs) was used.
Credentials
The skill declares no required environment variables, no credentials, and code does not read process.env or access external services. The requested environment access is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-on, does not request system-wide config paths or modify other skills, and does not persist credentials. It does spawn local node processes (execFileSync) to run its helper scripts — expected for a JS-based harness.
What to consider before installing
What to consider before installing: - Functionality mismatch: The SKILL.md promises retrieval of pinned facts, projects, and session history, but the code contains only local placeholders and does not connect to any memory backend—don't expect it to actually fetch your stored memories without additional integration. - Broken code: intent-classifier.js contains syntax and logic errors and appears nonfunctional; the harness may fail or behave unexpectedly. Review and test that file and the whole harness in an isolated environment before trusting it in production. - Local execution: The skill runs local node scripts via child_process.execFileSync. This is normal for this kind of tool, but ensure the agent environment has Node available and verify the scripts don't get modified to perform I/O you don't expect. - No network/exfiltration observed: There are no network calls, credential requests, or environment-variable usage in the provided files — good from an exposure standpoint — but also confirms it currently cannot access remote memory stores without modification. - Recommended actions: (1) Request the maintainer/source (unknown origin) or inspect/repair intent-classifier.js; (2) add/verify integration code for your actual memory backend before enabling autonomous invocation; (3) run the harness with representative test inputs to confirm behavior and logs; (4) limit agent autonomy to manual invocation until you confirm correct, tested behavior.
scripts/harness.js:10
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
harnessvk974hyzgbq5yshxa9dtv6n8whs8314p8latestvk974hyzgbq5yshxa9dtv6n8whs8314p8memoryvk974hyzgbq5yshxa9dtv6n8whs8314p8recallvk974hyzgbq5yshxa9dtv6n8whs8314p8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Memory Harness

A reliable memory harness that makes byterover recall happen at the right times without running heavy recall on every turn.

Architecture

user_input
  -> intent classification
  -> session preflight (if new session)
  -> conditional targeted recall
  -> planning
  -> pre-execution recall gate (if execution-like)
  -> execution or response
  -> optional writeback

3-Stage Harness

Stage 1: Session Preflight

Runs ONLY at the start of a new session.

Fetches:

  • active project
  • pinned facts
  • unresolved items
  • recent important entities
  • recent session summary

Does NOT fetch:

  • full raw history
  • large raw memory dumps
  • low-signal old notes

Output: compact session_digest (hard capped)

Stage 2: Triggered Recall

Runs targeted byterover recall only when needed.

Trigger conditions:

  • Continuation words: 続き, 前回, 再開, 引き継ぎ, continue, resume, previous work
  • Known entity/project name: ClawHub, OpenClaw, Agent-OS, BOSS-memory-loop, etc.
  • Task requires user-specific/project-specific context
  • Implementation / modification / design / planning request
  • Ambiguous task likely depending on prior context

Skip conditions:

  • Generic factual Q&A
  • Small self-contained questions
  • Casual short exchange
  • Clearly answerable without prior context

Recall modes:

  • preflight_query: start-of-session only
  • entity_query: when named entities detected
  • continuation_query: for previous-session continuation
  • constraint_query: when advice depends on prior rules
  • pre_execution_query: immediately before execution

Stage 3: Pre-Execution Recall Gate

MANDATORY before:

  • file edits
  • code generation
  • architecture proposals
  • configuration changes
  • planning depending on prior project state
  • any meaningful change suggestion

Checks for:

  • prior constraints
  • unresolved issues
  • conflicting past decisions
  • project-specific conventions
  • safety-sensitive context

Memory Shaping

Never inject raw byterover results directly.

Pipeline:

  1. retrieve
  2. rank
  3. dedupe
  4. compress
  5. inject bounded digest

Hard limits:

  • max_memory_items: 5
  • max_digest_lines: 8
  • prefer recent + high-signal + tagged items

Status Tracking

Every recall records one of:

  • not_needed
  • queried_no_hits
  • queried_low_confidence
  • queried_success
  • query_failed

Scripts

intent-classifier.js

Classifies turn intent as one of:

  • generic_qa
  • casual
  • continuation
  • entity_reference
  • user_specific_context
  • implementation_request
  • design_request
  • execution_request

entity-detector.js

Detects known entities in user input:

  • Scans for known entity/project names
  • Maps aliases to canonical names
  • Returns matched entities for recall routing

session-preflight.sh

Runs lightweight recall at session start:

  • Fetches pinned facts, active project, unresolved items
  • Creates compact session_digest
  • Hard capped length

targeted-recall.sh

Runs targeted recall based on intent:

  • Takes intent, entities, session state
  • Chooses appropriate recall mode
  • Returns compressed digest

pre-execution-gate.sh

Runs before execution-like actions:

  • Checks for constraints, conflicts, safety issues
  • Returns go/no-go with relevant context

memory-compress.js

Compresses and dedupes raw memory:

  • Ranks by relevance and recency
  • Dedupes repeated items
  • Hard caps output size

writeback.sh

Writes high-signal info back to memory:

  • Only for important decisions/outcomes
  • Skips trivial chat and low-value text

Configuration

{
  "memory_policy": {
    "preflight_on_session_start": true,
    "preflight_depth": "light",
    "pre_execution_recall": true,
    "max_memory_items": 5,
    "max_digest_lines": 8,
    "trigger_query_if": [
      "mentions_known_project",
      "asks_to_continue_previous_work",
      "requires_user_specific_context",
      "requests_code_design_or_change",
      "contains_known_entity"
    ],
    "skip_query_if": [
      "generic_qa",
      "casual_chat",
      "self_contained_question"
    ]
  }
}

Logging

Structured logs for observability:

  • turn_id
  • session_id
  • intent
  • recall_trigger
  • recall_mode
  • recall_status
  • recall_item_count
  • injected_item_count
  • pre_execution_gate
  • elapsed_ms

Known Entities

Default entity list (expandable):

  • ClawHub
  • OpenClaw
  • Agent-OS
  • BOSS-memory-loop
  • ByteRover
  • MISO
  • Obsidian
  • Telegram

Continuation Triggers

Japanese: 続き, 前回, 再開, 引き継ぎ, 前の, さっきの English: continue, resume, previous, earlier, last time, back to

Success Criteria

  • Reliable recall when turn depends on context
  • Generic turns stay lightweight
  • Execution actions always get constraint check
  • Behavior inspectable in logs
  • No reliance on SKILL.md text alone

Files

10 total
Select a file
Select a file to preview.

Comments

Loading comments…