Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Narrative Memory

v0.6.0

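Narrative Memory System v2: captures the meaningful moments in life and weaves them into a coherent personal narrative. Three-layer filtering keeps only the essence of each memory, with support for pattern recognition and decision reflection. Trigger conditions: milestone events, key decisions, value judgments, emotional turning points, first-time experiences, deep reflection.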

0· 76·0 current·0 all-time
by Louis Z. @zhaoguoqiang-hub

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhaoguoqiang-hub/narrative-memory.

Install the skill "Narrative Memory" (zhaoguoqiang-hub/narrative-memory) from ClawHub.
Skill page: https://clawhub.ai/zhaoguoqiang-hub/narrative-memory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install narrative-memory

ClawHub CLI

npx clawhub@latest install narrative-memory
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the code: CLI scripts detect signals, accumulate patterns, and write narrative records. Dependencies (NPM NLP libs) are reasonable for text analysis. Minor inconsistency: package.json declares a bin script (bin/soul_narrative.js) and includes bin/ in files, but the provided manifest does not include any bin/ file — packaging may be incomplete.
[!] Instruction Scope
SKILL.md and references promise privacy features (sensitive-data desensitization, 'local encrypted storage, not uploaded to the cloud' (original: '本地加密存储,不上传云端')) and user-access controls. The runtime code shown writes plaintext JSON files to ~/.openclaw/workspace/.soul (narratives.jsonl, accumulation-state.json, user-values.json, etc.) and I see no encryption or automated desensitization implementation in the provided scripts. The code will create and read files under the user's HOME and may persist sensitive content locally.
Install Mechanism
There is no install spec in the registry entry (instruction-only), but a package.json and package-lock.json are included. If a user runs npm install, many typical dependencies will be fetched (chalk, commander, date-fns, natural). These dependencies are reasonable for NLP/CLI, not obviously disproportionate. No external download URLs or obfuscated installers observed.
Credentials
The skill requires no environment variables or external credentials. It uses process.env.HOME (expected for locating user workspace). Requested config and files (user-values.json, daily_context.json) are consistent with the stated goal of personal memory capture.
[!] Persistence & Privilege
The skill persists user data to disk in ~/.openclaw/workspace/.soul and will create files/directories in the user's HOME. Although always:false, the agent can invoke the skill autonomously; combined with persistent local storage and the mismatch about encryption, this raises privacy concerns. The skill does not modify other skills or system-wide settings in the shown code.
What to consider before installing
This skill appears to implement a local narrative-memory tool, but review and harden before trusting it with sensitive material:
1) Privacy mismatch — the docs claim 'local encrypted storage' and automatic desensitization but the shipped scripts write plaintext JSON files with no encryption or clear desensitization routine; do not feed sensitive PII until you confirm/implement encryption.
2) Packaging issues — package.json references bin/ files that are not present in the manifest; test the package in a sandboxed environment first.
3) Inspect and run tests locally (npm install in a sandbox, npm test, node scripts/test-basic.js) to see behavior and file locations.
4) If you will store sensitive memories, add encryption at write/read time or store the workspace on an encrypted volume, and limit access to the ~/.openclaw/workspace/.soul directory.
5) Consider running the skill in a disposable VM or container the first time and review any unexpectedly created files.
If you want, I can point to the exact lines where plaintext writes occur and suggest code changes to add encryption/desensitization.

Like a lobster shell, security has layers — review code before you run it.

latest vk97ep84yxwp8q9252ykt7w5nr9842yfx
76 downloads
0 stars
6 versions
Updated 3w ago
v0.6.0
MIT-0

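Narrative Memory - Narrative Memory System

Usage

Direct invocation

node scripts/narrative.js <command> [options]

Signal-processing mode

node scripts/narrative.js --process-signal <signal>

Commands

  • add <event description> - add a new narrative memory
  • timeline [options] - view the timeline
  • list [options] - list narrative memories

Examples

# Add a memory
node scripts/narrative.js add "完成了重要项目" --category milestone --importance 0.9

# View the timeline
node scripts/narrative.js timeline --days 7

# Signal processing
node scripts/narrative.js --process-signal milestone_recorded

Integration with proactive-engine

This skill integrates with the proactive-engine signal system through the --process-signal parameter, which supports automatic capture of important life moments.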
