Builds a reusable, scored memory mesh with safety gating and 12-hour auto-refresh for cross-session memory consolidation and quality control in OpenClaw.
Security Analysis
Medium confidence: The skill's code and instructions broadly match its stated purpose, but it performs privileged workspace and package-management actions (cron edits, auto-updating/installing skills, invoking gh/clawhub/openclaw) that the package metadata does not declare as runtime dependencies, and there are notable supply-chain and privacy risks to review before installing.
The scripts implement the advertised features (local consolidation, scoring, quarantine-first global sync, GitHub contribution export/posting, scheduler integration). However, the runtime relies on external CLIs (openclaw, clawhub, gh) and on the ability to write into the workspace and skills directory, yet the registry metadata declares no required binaries or credentials. Users should be aware of this mismatch between declared and actual dependencies.
Runtime instructions and included scripts read many local files (MEMORY.md, memory/**/*.md, skill package.json), run subprocess commands, query and install other skills via clawhub, edit/run OpenClaw cron jobs, and optionally post comments to GitHub via the gh CLI. While the code includes secret-pattern blocking and sanitization, the skill still can read arbitrary workspace files and transmit promoted items to external services (ClawHub/GitHub). The scope includes supply-chain actions (auto-updating/installing other skills) and modifying scheduler configuration — broader than a simple read-only memory consolidation tool.
No remote download/extract install spec is present: the install spec is instruction-only and the package ships its Python scripts directly, with no external URLs or archive downloads. The primary installation flow uses local CLIs (clawhub/openclaw) rather than fetching arbitrary binaries from untrusted URLs.
The skill declares no required environment variables or credentials. It relies on locally-configured tooling for network actions: GitHub posting uses the gh CLI and the user's GitHub auth (token) already on the system; clawhub/openclaw commands rely on the agent's environment and permissions. That is proportionate to its functionality, but worth noting because posting contributions or installing other skills will use whatever credentials/permissions those CLIs have on the host.
The skill will create or edit OpenClaw cron jobs (scripts/ensure_openclaw_cron.py) and can auto-install or update other skills (global_memory_sync.py uses clawhub install --force). Although the skill is marked always:false (it is not force-included), it has the capability to change scheduled tasks and install code into the workspace, which increases its blast radius and its supply-chain implications.
Guidance
This skill appears to do what it claims, but it also performs powerful operations that you should review before installing. Key actions to take before use:
- Audit the scripts (especially global_memory_sync.py, ensure_openclaw_cron.py, install_bootstrap.py) to confirm you accept: (a) running clawhub/openclaw/gh on your host, (b) automatic installation/updates of other skills, and (c) creation/editing of OpenClaw cron jobs.
- Run in an isolated or sandbox workspace first to observe behavior and outputs (the skill reads workspace files and writes memory/memory_mesh/* artifacts).
- If you will allow GitHub posting, ensure your gh credentials have only the scopes you intend, and consider keeping automated posting disabled (do not pass --post-issue-comments, or set the setup_12h.sh posting flag to off).
- If you are uncomfortable with automatic skill updates, set auto_update_skills to false in skills/memory-mesh-core/config/global_sync.json, or avoid running the install_bootstrap/global sync scripts.
- Verify that the clawhub/openclaw/gh CLIs on your machine come from trusted sources and that you consent to them being invoked by the skill.
- Limit network exposure and review promoted JSON outputs (memory/memory_mesh/feeds and github_issue_batch_v1.json) before any automatic posting.
If you want, I can point out the exact lines or functions in the scripts that perform each privileged action, or suggest minimal configuration changes to reduce risk (e.g. disable auto-update, disable scheduled posting).
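The checklist above can be worked through offline before the skill is installed. The following audit helper is an added example, not code from the skill or from ClawHub: it parses the package's Python scripts and flags every subprocess or os.system call that runs clawhub, openclaw or gh (noting clawhub install --force and cron edits specifically), reports whether global_sync.json leaves auto_update_skills on, and scans a promoted batch for secret-looking strings before anything is posted. The sample script, config and batch embedded below are constructed stand-ins; the openclaw cron subcommand in the sample is hypothetical, the secret patterns are a starter set rather than the skill's own blocklist, and treating a missing auto_update_skills key as enabled is the audit's own worst-case assumption.

```python
"""Pre-install audit for an unpacked ClawHub skill directory (added example, not the skill's code).
Statically finds shell calls that run the privileged CLIs named in the review (clawhub, openclaw, gh),
checks whether config/global_sync.json leaves auto_update_skills on, and scans a promoted batch for
secret-looking strings. All file contents below are constructed samples."""
import ast
import json
import re
from pathlib import Path
from typing import Dict, List, Optional

PRIVILEGED_CLIS = {"clawhub", "openclaw", "gh"}
SUBPROCESS_FUNCS = {"run", "Popen", "call", "check_call", "check_output"}
# Starter secret patterns (an assumption, not the skill's own blocklist); extend for your environment.
SECRET_PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def _literal_argv(node: ast.AST) -> Optional[List[str]]:
    """argv when the command starts with a string literal; runtime-built elements become '<expr>'."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value.split()
    if (isinstance(node, (ast.List, ast.Tuple)) and node.elts
            and isinstance(node.elts[0], ast.Constant) and isinstance(node.elts[0].value, str)):
        return [e.value if isinstance(e, ast.Constant) and isinstance(e.value, str) else "<expr>"
                for e in node.elts]
    return None  # concatenation, f-string or variable: even the program name is unknown statically


def _is_shell_call(func: ast.AST) -> bool:
    """True for subprocess.<run|Popen|call|check_call|check_output>(...) and os.system(...)."""
    if not (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)):
        return False
    return (func.value.id == "subprocess" and func.attr in SUBPROCESS_FUNCS) or (
        func.value.id == "os" and func.attr == "system")


def find_privileged_calls(source: str, filename: str = "<skill>") -> List[Dict]:
    """Flag each shell call that runs a privileged CLI, plus any command built at runtime."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call) and node.args and _is_shell_call(node.func)):
            continue
        argv = _literal_argv(node.args[0])
        if argv is None:
            findings.append({"file": filename, "line": node.lineno, "cli": None, "argv": None,
                             "reason": "command built at runtime; review manually"})
            continue
        cli = Path(argv[0]).name  # "/usr/local/bin/gh" and "gh" are the same program
        if cli not in PRIVILEGED_CLIS:
            continue
        reasons = [f"invokes {cli}"]
        if cli == "clawhub" and "install" in argv:
            reasons.append("installs code into the skills directory")
            if "--force" in argv:
                reasons.append("--force replaces an existing install without prompting")
        if cli == "openclaw" and "cron" in argv:
            reasons.append("changes OpenClaw scheduled jobs")
        if cli == "gh":
            reasons.append("acts with whatever GitHub credentials gh holds on this host")
        findings.append({"file": filename, "line": node.lineno, "cli": cli, "argv": argv,
                         "reason": "; ".join(reasons)})
    return findings


def auto_update_enabled(config_text: str) -> bool:
    """True if global_sync.json leaves auto_update_skills on. A missing key counts as on:
    the worst case for an audit, and an assumption rather than a documented default."""
    return bool(json.loads(config_text).get("auto_update_skills", True))


def find_secrets(text: str) -> List[Dict]:
    """Line-level scan of a promoted batch for secret-looking strings."""
    return [{"line": n, "kind": kind}
            for n, line in enumerate(text.splitlines(), 1)
            for kind, pat in SECRET_PATTERNS.items() if pat.search(line)]


# Constructed stand-ins for the real files; the openclaw subcommand is hypothetical.
SAMPLE_SYNC_SCRIPT = '''import subprocess
def install(skill):
    subprocess.run(["clawhub", "install", skill, "--force"], check=True)
def post(repo, number, body):
    subprocess.run(["gh", "issue", "comment", str(number), "--repo", repo, "--body", body])
def ensure_cron(spec):
    subprocess.run("openclaw cron add " + spec, shell=True)
'''
SAMPLE_CONFIG = '{"auto_update_skills": true}'
SAMPLE_BATCH = json.dumps({"items": [
    {"body": "Pin skill versions before enabling auto-update."},
    {"body": "token ghp_" + "x" * 36},  # constructed leak, not a real token
]}, indent=2)

if __name__ == "__main__":
    for f in find_privileged_calls(SAMPLE_SYNC_SCRIPT, "global_memory_sync.py"):
        print(f"{f['file']}:{f['line']}: {f['reason']}")
    print("auto_update_skills on:", auto_update_enabled(SAMPLE_CONFIG))
    print("secret-like strings in batch:", find_secrets(SAMPLE_BATCH))
```

To run it against a real package, call find_privileged_calls on each file under skills/memory-mesh-core/scripts/*.py, auto_update_enabled on config/global_sync.json, and find_secrets on whichever batch file the skill writes before you let the gh posting step run. Commands assembled at runtime (the third sample call) cannot be classified statically and are listed for manual review rather than silently passed, since that is exactly where an unexpected CLI or flag would hide.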
Latest Release
v1.0.6
v1.0.6: Add GitHub issue self-check and optional auto-posting, improve duplicate suppression, sanitize source refs, and strengthen install/star/referral guidance.
Published by @wanng-ide on ClawHub