Neverforget

The declared purpose (setup local embeddings with node-llama-cpp and Gemma-300M) matches the instructions to install node-llama-cpp, set the local provider, and download a Hugging Face model. However the package.json and SKILL.md ask for broad filesystem indexing (~/) and network access (huggingface, pnpm, npm registry, and an hf-mirror), which is functionally plausible for a full 'sovereign memory' system but is broad in scope and higher-privilege than many users would expect for a single skill.

Runtime instructions include writing/appending HEARTBEAT.md into ~/.openclaw/workspace, changing global OpenClaw config (agents.defaults.memorySearch.*), running openclaw gateway restart, and triggering openclaw memory index which will crawl user files. The skill's docs/templating give mixed guidance about symlinks (one file warns 'Do not use symlinks', another encourages creating symlinks to include external directories), which is an internal inconsistency that could dramatically expand what gets indexed. These instructions perform persistent, system-wide changes and can cause broad data collection if allowed.

This is instruction-only (no install spec), so nothing is automatically written by a packaged installer. The suggested install uses pnpm to add node-llama-cpp (standard package manager usage) and relies on downloading a model from Hugging Face via the provider path. No arbitrary IP/paste/shortener URLs are present, but package.json lists an additional network entry 'hf-mirror.com' (third-party mirror) — worth verifying the mirror's trustworthiness.

The skill declares no required environment variables but the included openclaw manifest requests wide filesystem permissions (~/, ~/.openclaw, etc.) and network access to package/model registries. Indexing the entire home directory is disproportionate for many users because it can include secrets and private data; the manifest attempts to exclude common secret stores (.ssh, .aws, .env, .gnupg) but exclusion lists are error-prone and may miss other sensitive files. The ability to follow symlinks (documented elsewhere) could further expand access.

The instructions modify global OpenClaw configuration keys (agents.defaults.memorySearch.*), append content to the user's workspace HEARTBEAT.md, restart the gateway, and trigger indexing. Changing global agent defaults and restarting the gateway are system-wide operations that affect other agents and the host environment — this is beyond a purely local skill's internal scope and increases blast radius if misconfigured.