Librarian Mastery — World-Class AI Knowledge & Memory System

The skill claims to be an institutional memory/version-control system and the reference docs describe intensive filesystem operations (moving files, renaming, modifying registries, creating archives, running commands like `wc -c MEMORY.md`, updating source-of-truth registries). That functionality is consistent with the stated purpose. However, the package declares no required env vars, no config paths, and no required binaries — yet the docs assume access to workspace paths (e.g., /workspace-main/, memory/, system/registries/, ~/.openclaw/, .secrets/). The missing declared permissions/requirements vs. the heavy filesystem operations is a meaningful incoherence.

The SKILL.md and included reference files explicitly instruct agents to read reference files, scan and move files, archive or delete assets, update registries, run maintenance checklists, and enforce deletion authorization (including autonomous deletion of exact duplicates and temp files). The docs also direct changes to central indexes and source-of-truth registries. These are high-impact operations (potential for irreversible deletions or mass moves) and the skill both recommends aggressive triggering and gives the Librarian autonomous deletion authority for certain classes of files. The instructions reference system and secret paths (.secrets, ~/.openclaw/cron/) that lie outside the skill bundle.

This is an instruction-only skill with no install spec and no code files. No third-party downloads or installers are used, which minimizes supply-chain risk at install time.

The manifest declares no environment variables or credentials, yet the reference docs mention external platforms and account dependencies (Gumroad, KDP, tracking external deployment URLs) and point to local secret/config paths (.secrets, ~/.openclaw/). That mismatch means the skill's instructions presuppose access to credentials and system config that are not declared, making the requested scope unclear and potentially excessive if the agent is granted file/secret access implicitly by the runtime.

always:false (good), but autonomous invocation is allowed by default and the skill explicitly requests aggressive triggering on many keywords. Combined with built-in authority described in the docs to autonomously delete exact duplicates and temp files and update canonical registries, this creates a non-trivial blast radius if the agent is allowed write/delete access. The skill also encourages automatic archival and renaming patterns without requiring human confirmation for several deletion categories.