Persistent Mind
v1.0.0Provides persistent, searchable, context-aware memory storage for AI agents to retain user preferences, corrections, and project context across sessions.
⭐ 0· 523·0 current·0 all-time
byvs@vedantsingh60
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (persistent searchable memory) align with code and manifest: the implementation stores memories locally in JSON, provides search, context injection, export/import, deduplication, and no declared external integrations. Required env vars/credentials are none, which matches the claimed local-only operation.
Instruction Scope
SKILL.md and the API surface stay within the memory-manager scope (remember, recall, get_context, export/import, consolidate). They do not instruct reading arbitrary system files or env vars. However examples explicitly show storing things like "The Stripe API key is in .env as STRIPE_SECRET_KEY" and the skill supports export/import and team sharing — meaning sensitive items placed into memories could be accidentally preserved or shared. The instructions do not direct network exfiltration, but they grant broad discretion to store arbitrary content.
Install Mechanism
No install spec — registry indicates source included and runtime is local Python. The package is pure Python, zero external dependencies, and the code is included in the bundle; nothing in the manifest or SKILL.md pulls binaries or remote archives.
Credentials
The skill requests no environment variables or credentials, which is proportionate to its stated purpose. That said, because it lets users store arbitrary text and export it, the real risk is user-supplied secrets ending up in local storage or shared exports — the skill itself does not require access to secrets.
Persistence & Privilege
The skill is not marked always:true and uses a standard local storage path (default .persistentmind/). It does persist data across sessions as intended. There is no evidence it touches or modifies other skills' configs or requests elevated system privileges. The normal autonomous invocation flag is enabled by default but is not combined with unusual privileges here.
Assessment
This skill appears to be what it says: a local persistent memory manager that stores data under .persistentmind/ and does not request credentials or network access. Before installing or using it: 1) Audit the included source (persistentmind.py) yourself or have someone you trust review it; while the imports shown are standard-library only, a full review ensures there are no hidden network calls or dynamic imports. 2) Do not store secrets (API keys, passwords, private tokens) in memories unless you accept the risk; exported JSON (export_memories) and imports are plaintext and can leak secrets. 3) Protect the storage directory: exclude .persistentmind/ from version control, set restrictive filesystem permissions (e.g., chmod 700), and consider encrypting sensitive items before storing. 4) When using team sharing, verify recipients and scrub any sensitive content first. 5) If you need secret retention, prefer a dedicated secret manager with access controls rather than this general-purpose memory. If you want more assurance, ask the publisher for a signed release or run static/dynamic analysis to confirm there are no outbound network calls and that export/import functions sanitize inputs.Like a lobster shell, security has layers — review code before you run it.
latestvk97f1498gm2dvs2vx463nsw3eh8199yk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.