ClawHub

memU-lite

v1.1.0

Lightweight structured memory system for OpenClaw - inspired by memU, zero external dependencies. Provides atomic memory storage with categories (preferences...

0· 533·5 current·5 all-time
by@yoo-unison
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to be a lightweight, zero-external-dependency memory system and all scripts act on a local memory directory (~/.openclaw/workspace/memory). No unrelated cloud credentials, network endpoints, or unrelated binaries are required by the skill. The README/SKILL.md references a GitHub repo only as an optional installation source; the runtime behavior is local filesystem operations consistent with the stated purpose. Note: the scripts assume standard Unix utilities (tar, grep, sed, find, stat, etc.), which are not declared as 'required binaries' in the metadata — this is expected for simple shell-based tools but worth knowing.
Instruction Scope
SKILL.md instructs the agent and the user to create/maintain local Markdown memory files and to use the provided Bash tools. The instructions do not tell the agent to read unrelated system files or to send memory to external endpoints automatically. One caveat: PUSH_GUIDE suggests pushing the repo to GitHub and mentions using a Personal Access Token for authentication (user action), which is an operational step, not an automatic exfiltration mechanism. Also, the restore workflow (memu-backup.sh -r) will remove and then extract a tarball into the workspace; restoring an untrusted archive can overwrite files under the workspace (see persistence_privilege notes).
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the package includes an install.sh and helper scripts. No external downloads or obscure URLs are used by the scripts themselves. SKILL.md suggests optionally cloning from a GitHub repo; that is a normal distribution mechanism but means users installing from that remote should trust the repository. Overall install mechanism is low-risk compared to arbitrary remote downloads, but files will be written into the user's home workspace.
Credentials
The skill declares no required environment variables or credentials, and the scripts operate on the local ~/.openclaw/workspace path. No extraneous secrets or unrelated service tokens are requested. The scripts do rely on standard shell utilities being available; they also reference a backup directory under the user's workspace which will store snapshots of memory data (local only).
Persistence & Privilege
always:false (default) and model invocation is allowed by default — appropriate for a user-invoked memory helper. The scripts create and modify files under ~/.openclaw/workspace/memory and backups under ~/.openclaw/workspace/backups — that is expected. Important operational caution: the backup restore command deletes the memory/ directory then extracts the provided tarball into WORKSPACE_DIR. If the archive is untrusted or specially crafted (contains path traversal or absolute paths), extraction could overwrite files under the workspace or beyond it depending on tar behavior; restoring backups should be done only from trusted backups.
Assessment
This package appears to do what it says: local Markdown-based memory management via shell scripts. Before installing, consider: 1) Review scripts yourself (they are plain Bash). They create/modify ~/.openclaw/workspace/memory and backups in ~/.openclaw/workspace/backups — back up any existing memory first. 2) Treat backup archives as trusted: restoring (memu-backup.sh -r) deletes the current memory/ and extracts the archive; do not restore tarballs from untrusted sources because tar extraction can overwrite files. 3) The PUSH_GUIDE suggests pushing to GitHub and mentions using a Personal Access Token — never paste tokens into files or share them publicly. 4) Metadata inconsistencies (packaged _meta.json shows a different ownerId/version than the registry listing) and some minor portability assumptions (sed -i differences on macOS) indicate sloppy packaging but not malicious intent; if you require high assurance, run the scripts in a restricted environment or inspect/normalize them before use. 5) If you intend the agent to call these tools autonomously, be aware they operate on user files and can delete/restore the memory directory; limit autonomous invocation or require user confirmation for destructive operations.

Like a lobster shell, security has layers — review code before you run it.

latestvk973q28bdx0s520z2n33wrcnws8251v2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis

Comments