Qst Memory V1.8.5 No Crypto

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The package mostly matches a local memory-management purpose, but its documentation, instructions, and some code/actions are inconsistent: encryption was removed but is still advertised; the instructions install a persistent heartbeat script into the system workspace and cron; and the package references external checks/APIs without requesting credentials. Proceed only after manual review.

What to check before installing or enabling this skill:

1) Encryption mismatch: This release removed the crypto module and stores memories as plaintext. Do not store passwords, API keys, or other secrets in the skill's data files unless you add encryption or use system-level disk encryption. If you need encryption, use v1.8.4 (the changelog mentions it) or add a vetted crypto module.

2) Inspect heartbeat_integration.py: The integration guide tells you to copy a heartbeat script into /home/node/.openclaw/workspace and schedule it via cron. Before doing that, open heartbeat_integration.py and any heartbeat-related modules to confirm they do not make unexpected network calls, execute arbitrary shell commands, or read unrelated system files. Only install the cron job after manually auditing the script.

3) Network and credentials: The code/configs reference 'email_check', 'forum_patrol', 'API', 'key', 'token' and other external checks but the package does not declare required credentials. If you configure external integrations, expect that any supplied credentials may be stored in plain text in the skill's data/config files; plan where to store secrets (system secret manager) and how to integrate them safely.

4) Hardcoded paths and workspace modifications: Some CLI files reference absolute paths (e.g., /root/.openclaw/workspace/skills/qst-memory) and INTEGRATION.md instructs copying into /home/node/.openclaw/workspace. These are platform-specific and may require privilege; avoid running these copy commands as root without reviewing the files and understanding the destination.

5) Run in a sandbox first: If possible, run and exercise the skill in a controlled environment (container or isolated VM) to observe file writes, network activity, and cron behavior before deploying to production.

If you want, I can (a) scan heartbeat_integration.py and any other truncated files for network calls or dangerous APIs, or (b) extract and summarize any scripts that will run automatically so you can decide whether to enable cron.

SkillSpector

By NVIDIA

SkillSpector findings are pending for this release.

Static analysis

Static analysis findings are pending for this release.

VirusTotal

No VirusTotal findings
