ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mem0 Memory Layer

v0.1.0

Mem0 长期记忆层:为 LLM agent / chatbot 提供事实级记忆——抽取、嵌入、去重、存储 + 混合检索(语义 + BM25 + 实体加权),覆盖 17 个核心用例。自托管 Memory 与托管 MemoryClient 双形态。 Mem0 long-term memory layer for L...

0· 58·0 current·0 all-time
byTang Weigang@tangweigang-jpg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tangweigang-jpg/mem0-memory-layer.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Mem0 Memory Layer" (tangweigang-jpg/mem0-memory-layer) from ClawHub.
Skill page: https://clawhub.ai/tangweigang-jpg/mem0-memory-layer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mem0-memory-layer

ClawHub CLI

Package manager switcher

npx clawhub@latest install mem0-memory-layer
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes Mem0 (an LLM memory layer) which legitimately may need Python, a local MEM0_DIR, and optional MEM0_API_KEY. However the included seed.yaml is a compiled blueprint with id finance-bp-131 and contains domain-specific preconditions (zvt package, ZVT_HOME, finance backtest checks) that are unrelated to a generic memory layer. Registry metadata declares no required env vars or config paths despite the SKILL.md and seed.yaml referencing Python runtime, local directories (~/.mem0 or ZVT_HOME), and optional API keys — this mismatch is incoherent.
!
Instruction Scope
The skill’s runtime instructions (seed.yaml) require the host agent to reload seed.yaml on every decision, run precondition checks that execute Python commands (import checks, filesystem checks), verify packages before proceeding, and write into host_workspace (scripts/, skills/, .trace/). These actions go beyond a read-only documentation skill and instruct executing commands and touching local files; they also reference LATEST.yaml/LATEST.jsonl lookups and other artifacts not declared in the skill metadata. That scope creep is disproportionate and surprising for a memory-layer skill.
Install Mechanism
No install spec is provided (instruction-only), which is low risk in itself. However the execution_protocol in seed.yaml instructs the host to run install recipes and verify imports at runtime (e.g., 'Execute resources.host_adapter.install_recipes[]' and python import checks). Those runtime installs are not declared in the registry metadata, so while there is no packaged installer, the instructions effectively request package installation at runtime — this is noteworthy.
!
Credentials
The registry lists no required environment variables, yet SKILL.md text and seed.yaml refer to multiple environment/config items (Python 3.10+, OpenAI as default LLM/embedding provider, MEM0_DIR ~/.mem0, optional MEM0_API_KEY, MEM0_TELEMETRY, and ZVT/ZVT_HOME checks). Requesting access to local directories, possible API keys, and unrelated project-specific variables (ZVT) without declaring them is disproportionate and raises a risk of unexpected credential or filesystem access.
Persistence & Privilege
always:false and user-invocable:true (normal). The seed.yaml instructs creating/using host_workspace paths (scripts/, skills/, .trace/) and mandates reloading seed.yaml on behavioral decisions — this implies persistent presence in the workspace but not an elevated platform-wide privilege. It's not an outright privilege escalation, but it does ask to write into the agent workspace and to rely on filesystem traces which users should be aware of.
What to consider before installing
This skill bundles a Mem0 memory description with a large compiled blueprint (seed.yaml) that instructs the host to run Python import checks, access and write workspace files, and rely on environment values (OpenAI keys, MEM0_API_KEY, MEM0_DIR, ZVT_HOME) that are not declared in the registry. Before installing or enabling it: (1) review seed.yaml fully to confirm which commands/files it will read or write, (2) do not supply API keys or secrets unless you trust the source — run it in an isolated environment, (3) if you want to use only Mem0 docs, extract and inspect the specific mem0 parts and ignore unrelated finance/backtest preconditions (zvt), (4) explicitly set MEM0_TELEMETRY=false if you do not want telemetry/analytics, and (5) ask the publisher for a clear, minimal manifest declaring required env vars, install steps, and exact filesystem operations. The current package looks like a mixed/compiled blueprint rather than a focused memory-only skill — proceed with caution.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Primary envknowledge
aivk9723mjy8kxwxc6bq8kjhfm20185hch0apivk9723mjy8kxwxc6bq8kjhfm20185hch0latestvk9723mjy8kxwxc6bq8kjhfm20185hch0mlvk9723mjy8kxwxc6bq8kjhfm20185hch0
58downloads
0stars
1versions
Updated 3d ago
v0.1.0
MIT-0
Tang Weigang@tangweigang-jpg
aiapilatestml
Download

这个 skill 适合什么用户?能做哪些任务?

概览

Mem0 是一个 Python 长期记忆框架(github.com/mem0ai/mem0),为 LLM 应用和 agent 提供个性化记忆层。自托管 Memory 类内置 V3 阶段化抽取-存储流水线(Phase 0 上下文采集 → Phase 8 消息持久化),可插拔 vector store / embedding / LLM / reranker provider。混合检索结合语义相似度 + 可选 BM25 / 后端原生 FTS 关键词搜索 + 实体加权评分。

另有独立托管 SaaS 路径 MemoryClient(api.mem0.ai)共享公开 API,但抽取下沉到平台。OSS...

Doramagic 晶体页: https://doramagic.ai/zh/crystal/mem0-memory-layer

知识规模

  • 52 条约束 (1 fatal + 51 non-fatal)
  • 上游源码: mem0ai/mem0 @ commit 693e7093
  • 蓝图 ID: finance-bp-131

用法

Host AI(Claude Code / Cursor / OpenClaw)读 references/seed.yaml,按其中的:

  • intent_router 匹配用户意图
  • architecture 理解项目架构
  • constraints 应用 anti-pattern 约束
  • business_decisions 参考核心设计决策

FAQ 摘要

这个 skill 适合什么用户?能做哪些任务?

适合需要给 LLM agent / chatbot 加长期记忆的工程师:用户偏好持久化、多轮会话上下文延续、跨 session 事实复用。覆盖 17 个用例(个性化助手、客服、教育等)。访问 doramagic.ai/r/mem0 查看完整目录。

需要准备什么环境?依赖什么?

Python 3.10+,至少一个 LLM provider(默认 OpenAI)、一个 embedding provider(默认 OpenAI)、一个 vector store(默认 Qdrant)。本地 SQLite 文件位于 MEM0_DIR(默认 ~/.mem0/)。可选 MEM0_API_KEY 用于托管 MemoryClient。

会踩哪些坑?这个 skill 怎么防护?

本 skill 内置 52 条约束,最典型的 4 个:(1) OSS v2.0.0 中传入 graph_store 配置会被 pydantic 静默丢弃,graph 查询无效;(2) PostHog 遥测默认开启,需显式设 MEM0_TELEMETRY=false;

完整文档: 见 references/seed.yaml (v6.1 schema). 浏览页: https://doramagic.ai/zh/crystal/mem0-memory-layer

Comments

Loading comments...