Complete memory system combining LanceDB auto-recall, Git-Notes structured memory, and file-based workspace search. Use when setting up comprehensive agent memory, when you need persistent context across sessions, or when managing decisions/preferences/tasks with multiple memory backends working together.
Security Analysis
medium confidence
The skill's declared manifest omits credentials and tooling it actually needs (OpenAI embedding key, clawdbot and git-notes binaries/plugins), and it instructs silent, automatic persistence of conversation data — coherent with its purpose but lacking proportional declarations and transparency.
The SKILL.md clearly expects the memory-lancedb plugin, the git-notes-memory skill, and use of an embedding API key (OPENAI_API_KEY) for embeddings, plus runtime tools like 'clawdbot' and Python scripts. The registry metadata/requirements list none of these. That mismatch (manifest claims no env vars or binaries but instructions require them) is incoherent and should be clarified.
Instructions direct the agent to read and write local workspace files (memory/active-context.md, MEMORY.md, YYYY-MM-DD.md), run git-notes sync scripts, invoke clawdbot memory search, and silently store/flush session summaries. These actions are within the skill's stated purpose (memory), but the 'silent operation' guidance and automatic flush behavior increase privacy risk and reduce user visibility.
There is no remote installer or download; this is instruction-only plus a small included shell script. No archive downloads or third-party package installs are declared, so install risk is low. The included scripts are small and readable.
Although the manifest declares no required env vars, the config examples embed an OPENAI_API_KEY (and SETUP.md shows an sk-... placeholder). The skill implicitly requires credential(s) for embeddings and likely write access to the workspace and (if git-notes pushes) to a git remote. Required environment and permissions are not declared, which is disproportionate and a transparency problem.
The skill enables automatic capture/auto-recall and suggests adding an auto-flush config that writes session summaries to disk before compaction, and instructs silent operation. While not marked 'always:true', the default autonomous invocation combined with silent persistent storage increases the blast radius for privacy/exfiltration if misconfigured or malicious. This is particularly important because the skill's source is 'unknown'.
Guidance
Before installing, verify the following:
(1) Confirm where LanceDB stores data and whether it is local or remote and who can access it;
(2) Expect to provide an embeddings API key (OPENAI_API_KEY) — do not hardcode secrets into workspace files;
(3) Ensure you have the 'memory-lancedb' plugin and 'git-notes-memory' skill from a trusted source; inspect the git-notes code to see if it pushes to remote repos;
(4) Be aware the skill recommends silently persisting conversation data and auto-flushing session summaries — if you need user-visible consent or auditability, disable autoCapture/autoFlush or require explicit prompts;
(5) Check that your environment has 'clawdbot' and Python available and review scripts (scripts/file-search.sh writes to /tmp and kills the background search after 8s).
If the author/source cannot explain the omitted manifest declarations (required env vars, binaries, plugin dependencies) or you don't trust the upstream git-notes/LanceDB implementations, treat this as potentially risky and avoid deploying for sensitive data.
Latest Release
v1.0.0
- Initial release of the triple-memory skill, combining LanceDB conversation memory, Git-Notes structured memory, and file-based workspace search.
- Designed for comprehensive, persistent agent memory across sessions and branches.
- Supports auto-recall and auto-capture of conversation context, structured decision logging, and workspace document search.
- Includes setup and usage instructions for LanceDB plugin, Git-Notes memory, and file search script.
- Enables automatic context preservation before memory compaction.
- Operates silently during memory operations—no user notifications.
Published by @ktpriyatham on ClawHub