Smart Memory (Zero Dep)
v1.1.2Enhanced memory system for agentic workflows. Automatic memory extraction from conversations, memory type classification (preference/project/technical/lesson...
⭐ 0· 57·0 current·0 all-time
by@zgjq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Overall coherent: name/description (memory extraction, tagging, decay, session cache) matches the included scripts (session_state.py, session_cache.py, extract_memories.sh, classify_memory.py, memory_decay.py, memory_health.sh). Minor inconsistency: registry metadata lists "Required binaries: none" but SKILL.md explicitly requires Python 3.10+ and Bash 4+. Also the package was marked "instruction-only" in install spec but includes multiple executable scripts — this is fine but worth noting as a mismatch between metadata and bundled files.
Instruction Scope
Instructions stay within the stated domain (local writes to ~/.openclaw/workspace and /tmp, no network endpoints). They direct the agent to write WAL entries before responding, run local classification/decay/health scripts, and optionally use the agent's own LLM for higher-quality extraction. Caution: the WAL requirement means the agent will persist extracted text before responding — if extraction misclassifies sensitive text, it may be written locally. The scripts implement regex-based blocking for common key/token patterns, but those checks are heuristic and can miss exotic credential formats.
Install Mechanism
No install spec — scripts are included and run directly. No external downloads or package installs. This is low-risk from an installation perspective (nothing downloaded/executed from remote URLs).
Credentials
The skill requests no secrets or privileged environment variables. SKILL.md documents two optional environment variables (OPENCLAW_WORKSPACE, OPENCLAW_SESSION_ID) used to locate workspace and session cache — these are reasonable and proportional to the functionality.
Persistence & Privilege
The skill writes and modifies files inside a user-local workspace (~/.openclaw/workspace) and /tmp session caches, which is expected for a memory system. always:false (normal). Because the agent is expected to autonomously invoke these scripts (disable-model-invocation: false by default), the skill can autonomously persist data to disk — this is expected for a memory plugin but increases blast radius if the agent is misconfigured or hostile.
Assessment
This skill appears to do what it says: local memory extraction, tagging, decay, and a session WAL. Before installing or enabling: 1) ensure Python 3.10+ and Bash 4+ are available (metadata omitted these but scripts require them), 2) back up any existing ~/.openclaw/workspace data (scripts will read/modify these files), 3) review/adjust OPENCLAW_WORKSPACE if you want files stored elsewhere, 4) understand the WAL rule (the agent will write remembered text to disk before replying) — if you worry about accidental persistence of secrets, test extraction on non-sensitive sample data and review the regex patterns that block tokens/keys, and 5) if you want to limit risk, disable autonomous invocation for the skill or run it in a sandboxed account until you’re comfortable with behavior.Like a lobster shell, security has layers — review code before you run it.
agentvk9727q600hcfv4ckr9qmdbxyns83yhd7latestvk9727q600hcfv4ckr9qmdbxyns83yhd7memoryvk9727q600hcfv4ckr9qmdbxyns83yhd7productivityvk9727q600hcfv4ckr9qmdbxyns83yhd7zero-dependencyvk9727q600hcfv4ckr9qmdbxyns83yhd7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.