ClawHub

triple-memory-baidu-embedding

v1.0.0

Complete memory system combining Baidu Embedding auto-recall, Git-Notes structured memory, and file-based workspace search. Use when setting up comprehensive agent memory with local privacy, when you need persistent context across sessions, or when managing decisions/preferences/tasks with multiple memory backends working together.

1· 1.7k·3 current·3 all-time
by@xqicxx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (triple memory with Baidu embeddings + Git-Notes + file search) matches the scripts and instructions: the code stores/recalls to a local vector DB, writes to Git-Notes, and performs file search. However the registry metadata claims no required environment variables or credentials while the SKILL.md and many scripts clearly require BAIDU_API_STRING and BAIDU_SECRET_KEY. Also the included clawdbot.skill.json appears to describe a different component ('memory-baidu-embedding-db'), which is inconsistent with the skill package name.
!
Instruction Scope
The SKILL.md and included scripts instruct the agent/installer to create files and hooks under /root/clawd (session-init scripts, memory-helpers, HEARTBEAT.md entries) and to integrate with gateway startup hooks. That goes beyond only operating inside the skill folder and will modify system-wide startup/integration scripts. The instructions also tell the system to silently auto-capture user statements (auto-store triggers) — which is expected for a memory system but should be clearly consented to by users.
Install Mechanism
There is no remote download/install spec (no external URL), which reduces supply-chain risk. However the package includes install.sh and configure.sh that will copy files into $HOME/clawd/skills and write files under /root/clawd. Those scripts will change system state and should be inspected before running. No external network fetches were observed in the package files.
!
Credentials
Although the skill metadata declared no required env vars, many runtime scripts repeatedly require BAIDU_API_STRING and BAIDU_SECRET_KEY (and will exit or operate in degraded mode without them). This mismatch between declared requirements and actual runtime expectations is an incoherence. The env vars are proportionate to the purpose (Baidu API for embeddings), but the skill should have declared them explicitly. Scripts also source a .env in the workspace and assume paths like /root/clawd exist.
!
Persistence & Privilege
The skill does not set always:true, but the configure/install scripts create persistent artifacts (session-init scripts under /root/clawd, memory-helpers, and recommendations to update boot hooks). That gives the skill persistent presence across restarts. While persistence is reasonable for a memory integration, it is a higher privilege and the package will attempt to modify startup/hook configuration and files outside its own directory.
What to consider before installing
Before installing, review and test these points: - Inspect the BAIDU_* environment requirement: many scripts require BAIDU_API_STRING and BAIDU_SECRET_KEY even though the registry metadata lists no env vars. Only provide these credentials if you trust the source and understand the privacy implications of sending data to Baidu's API. - Review scripts line-by-line (install.sh, configure.sh, and the scripts/ directory). They will create files under /root/clawd, add startup/session-init scripts, and suggest integrating into gateway boot hooks — running them will change system-wide behavior. - Note packaging inconsistencies: some scripts reference modules/paths that are not present or use different names (e.g., references to baidu-vector-db, memory_baidu_embedding_db, and clawdbot.skill.json describing 'memory-baidu-embedding-db'). These mismatches may cause runtime failures or indicate the package was assembled carelessly. - Do not run install/configure as root on a production host. Prefer testing in an isolated container/VM and validate that dependencies (git-notes-memory, memory-baidu-embedding-db) are genuine and installed from trusted sources. - Verify that auto-capture behavior and 'silent operation' is acceptable for your environment — the skill is designed to automatically store certain user utterances unless API creds are missing (degraded mode). - If you decide to proceed, run the install/configure scripts step-by-step, and back up any existing /root/clawd files (HEARTBEAT.md, hooks) before changes. Ask the publisher for the canonical source repository and checksums to improve trust.

Like a lobster shell, security has layers — review code before you run it.

latestvk972n15mq1c05pk111fkynt6gd80fd7z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis

Comments