QST Memory

The skill's stated 'instruction-only' posture and memory-management purpose mostly match included code, but there are notable inconsistencies and persistent-install instructions (copying a heartbeat script into the agent workspace + adding a cron job) that increase risk and deserve review before installing.

This package implements a local memory + heartbeat system and includes many Python scripts. Before installing: 1) Review the specific files you would copy/run (especially scripts/heartbeat_integration.py, scripts/crypto.py, universal_memory.py) for any network calls, hard-coded endpoints, or code that reads/writes sensitive files. 2) Do not blindly run the INTEGRATION.md commands that copy files into /home/node/.openclaw/workspace and add a cron job — that creates a persistent scheduled process. Test the code in an isolated sandbox or VM first. 3) Because the metadata did not declare required config paths or credentials but the docs instruct persistent installation, expect a manual review and explicit permission before deploying on production agents. 4) If you must try it, run heartbeat.py manually and monitor network activity and filesystem changes; avoid supplying API keys or secrets until you verify where/how they will be used. 5) If anything looks unclear (network calls, encrypted uploads, or obfuscated logic), do not install and ask the developer for a minimal install manifest and an explicit list of all changes the skill will make to the host (files, cron entries, and any external endpoints it contacts).