ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cross-Agent Memory Sharing

v1.0.0

Enable multiple agents to share, merge, and sync memories using standardized formats, priority rules, and Git-based version control for collective intelligence.

0· 550·3 current·3 all-time
byceelo@weidadong2359
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (cross-agent memory sharing) align with the provided SKILL.md and sync.mjs which implement Git-based sharing and local import/export. However the default SHARED_MEMORY_REPO is a personal GitHub URL (https://github.com/weidadong2359/agent-memory-shared.git) baked into the code even though no repository or credential is declared in the metadata. Defaulting to an external, author-controlled repo is unexpected and disproportionate to the declared requirements.
!
Instruction Scope
SKILL.md shows push/pull/subscribe examples and Git-based workflows; sync.mjs actually clones a repo to WORKSPACE/.shared-memory, reads WORKSPACE/MEMORY.md, writes per-agent memory files, commits, and pushes. That behavior can transmit local workspace contents to the remote repo. SKILL.md references an automatic merge script (node skills/cross-agent-memory/merge-conflicts.mjs) that is not present in the package — an inconsistency. The README's examples also point to external endpoints (memory-hub.example.com) and require tokens but do not declare or document exactly which credentials or environment variables will be used.
Install Mechanism
There is no install spec; this is an instruction-only skill with a small Node script. Nothing is downloaded during install by the skill itself. The runtime does invoke system git via child_process execSync, which is expected for the stated Git-based approach.
!
Credentials
package and SKILL.md declare no required env vars, but sync.mjs reads OPENCLAW_WORKSPACE, SHARED_MEMORY_REPO, and AGENT_ID from environment and defaults SHARED_MEMORY_REPO to an author GitHub repo. The skill implicitly requires Git credentials (e.g., SSH key, git credential helper, or GH token) to push; those credentials are neither declared nor explained. Requesting write access to a remote repo is a high-impact capability that should be explicit and limited to a user-controlled endpoint.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The script writes a .shared-memory directory in the workspace and creates per-agent files, which is expected for its purpose but means it will persist synced data on disk. It does not modify other skills or system-wide configs.
What to consider before installing
Before installing or running this skill: 1) Treat the default remote repo as untrusted — change SHARED_MEMORY_REPO to a repository you control, or set it explicitly via environment so nothing is pushed to the author’s repo. 2) Understand what will be uploaded: the script reads WORKSPACE/MEMORY.md and will commit/push files under WORKSPACE/.shared-memory; do not run it in a workspace that contains sensitive data. 3) Provide and manage Git credentials securely (SSH key or personal access token) and do not store broad tokens in cleartext; the skill currently does not declare or document credential handling. 4) Note the SKILL.md references a merge-conflicts script that is missing — ask the author for the missing file or review/implement conflict resolution yourself. 5) Review sync.mjs source line-by-line (it uses execSync to run git commands) and run it first in a sandboxed environment. If you need this functionality, prefer hosting the shared repo in your own organization and require an explicit configuration step that disallows defaulting to external author-controlled endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk97agwan4adanber00m5gcdgzn82247p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Cross-Agent Memory Sharing Protocol — 跨 Agent 记忆共享协议

打造"Agent 集体智慧",让多个 Agent 共享知识

问题

多个 Agent 独立运行时:

  • 重复学习 — 每个 Agent 都要从零开始
  • 知识孤岛 — A 学到的东西 B 不知道
  • 冲突覆盖 — 共享数据库时互相覆盖
  • 版本混乱 — 不知道谁的记忆是最新的

协议设计

1. 记忆格式标准化

{
  "schema": "openclaw.memory.v1",
  "agentId": "lobster-alpha",
  "timestamp": "2026-03-01T08:00:00Z",
  "version": "1.2.3",
  "entries": [
    {
      "id": "mem-001",
      "type": "fact",
      "priority": "P0",
      "content": "AgentAwaken 域名是 agentawaken.xyz",
      "source": "user-input",
      "confidence": 1.0,
      "tags": ["agentawaken", "domain"]
    }
  ]
}

2. 冲突解决策略

优先级规则:

  1. 时间戳 — 最新的优先
  2. 置信度 — 高置信度优先
  3. 优先级 — P0 > P1 > P2
  4. 来源 — user-input > agent-inferred

合并策略:

function mergeMemories(mem1, mem2) {
  if (mem1.timestamp > mem2.timestamp) return mem1;
  if (mem1.confidence > mem2.confidence) return mem1;
  if (mem1.priority < mem2.priority) return mem1; // P0 < P1
  return mem1; // 默认保留第一个
}

3. 同步机制

推送模式 (Push):

# Agent A 学到新知识后推送
curl -X POST https://memory-hub.example.com/sync \
  -H "Content-Type: application/json" \
  -d @memory-update.json

拉取模式 (Pull):

# Agent B 定期拉取更新
curl https://memory-hub.example.com/sync?since=2026-03-01T00:00:00Z

订阅模式 (Subscribe):

// Agent C 订阅特定主题
ws.subscribe('topic:agentawaken', (update) => {
  applyMemoryUpdate(update);
});

4. 权限控制

agents:
  lobster-alpha:
    read: ["*"]
    write: ["agentawaken", "neuroboost"]
  lobster-beta:
    read: ["agentawaken"]
    write: []
  admin:
    read: ["*"]
    write: ["*"]

实现方案

方案 A: 中心化 Hub

Agent A ──┐
Agent B ──┼──> Memory Hub (Redis/PostgreSQL)
Agent C ──┘

优点: 简单,一致性强 缺点: 单点故障,需要服务器

方案 B: P2P 同步

Agent A ←──→ Agent B
    ↕           ↕
Agent C ←──→ Agent D

优点: 去中心化,无单点故障 缺点: 复杂,冲突多

方案 C: Git-based (推荐)

Agent A ──┐
Agent B ──┼──> GitHub Repo (memory.git)
Agent C ──┘

优点: 版本控制,易审计,免费 缺点: 需要 GitHub token

Git-based 实现

初始化

# 创建共享 repo
gh repo create agent-memory-shared --private

# 每个 Agent clone
git clone https://github.com/team/agent-memory-shared.git

推送更新

# Agent A 学到新知识
echo "新知识" >> shared-memory.md
git add shared-memory.md
git commit -m "Agent A: 学到 XXX"
git push

拉取更新

# Agent B 定期拉取
git pull --rebase
# 如果有冲突,按优先级规则解决

冲突解决

# 自动合并脚本
node skills/cross-agent-memory/merge-conflicts.mjs

使用示例

场景 1: 团队协作

龙虾 A: 发现 AgentAwaken 需要 Vercel
龙虾 B: 自动获取这个知识,不用重新学习
龙虾 C: 基于这个知识继续优化部署流程

场景 2: 知识传承

老 Agent 退役前: 导出记忆到共享库
新 Agent 上线后: 导入共享库,继承经验

场景 3: 集体决策

Agent A: 建议方案 X (置信度 0.7)
Agent B: 建议方案 Y (置信度 0.8)
Agent C: 建议方案 Y (置信度 0.9)
→ 集体选择方案 Y

安全考虑

  1. 加密传输 — HTTPS/SSH
  2. 访问控制 — Token 认证
  3. 审计日志 — 记录所有修改
  4. 备份机制 — 定期备份共享库
  5. 恶意检测 — 检测异常修改

性能优化

  1. 增量同步 — 只传输变化部分
  2. 压缩传输 — gzip 压缩
  3. 批量更新 — 合并多个小更新
  4. 缓存机制 — 本地缓存常用知识

监控指标

  • 同步延迟 — 平均 <5 秒
  • 冲突率 — <5%
  • 知识覆盖率 — >90%
  • 一致性 — >99%

下一步

  1. 实现 Git-based 基础版本
  2. 添加自动冲突解决
  3. 开发 Web UI 管理界面
  4. 集成到 AgentAwaken

愿景

让每个 Agent 都能站在巨人的肩膀上,而不是从零开始。

参考:

  • Git 版本控制
  • CRDT (Conflict-free Replicated Data Types)
  • Operational Transformation

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…