Memory system with 5 categories - knowledge, projects, error log, daily review, and tasks. Load on demand to avoid memory pollution. 记忆系统 - 包含常识记忆、项目记忆、错题本、每...
Security Analysis
medium confidenceThe skill is broadly consistent with being a local markdown-based memory system, but its instructions ask agents to auto-load global memory, reference an undeclared GEMINI_API_KEY and local services, and could cause unintended data access across agents — these inconsistencies merit caution.
The name/description (a local memory system) matches the instructions to read/write markdown files and build optional vector indexes. However, the SKILL.md references external embedding services (Gemini API or local Ollama) without declaring required environment variables in the registry metadata, and it describes both auto-loaded global memories and on-demand project loads — this mix is reasonable for a memory system but the undeclared external credential is an inconsistency.
Instructions explicitly tell agents to auto-read files on startup (knowledge and errors) and to load error logs 'globally' for all Agents and Sub-Agents. That grants the skill/agent broad local-read scope across the designated memory directory. The SKILL.md also instructs use of external services (Gemini API or localhost Ollama) and shows curl to localhost:11434, which could cause network activity. There are minor path inconsistencies (directory examples use ~/.openclaw/... but init commands create memory/ in cwd). No explicit exfiltration endpoint is present, but the global auto-read behavior and optional remote API use increase privacy risk.
Instruction-only skill with no install spec and no code files; nothing is downloaded or written by an installer. This minimizes supply-chain risk.
Registry metadata lists no required environment variables, yet the SKILL.md says enabling vector search requires a GEMINI_API_KEY or a local Ollama instance. The skill also instructs checking a localhost endpoint. The undeclared GEMINI_API_KEY and the expectation that agents will access local services are mismatches that should be clarified. Additionally, the skill's policy to auto-load 'error logs' globally could expose sensitive content stored in those files to all agents.
The skill is not marked always:true and does not request system-wide installs or to modify other skills. However, its runtime rules demand that all agents/sub-agents load certain memory files on startup — this is a behavioral persistence (broad read access) rather than an installation privilege and could have a wide blast radius if sensitive data is present.
Guidance
This skill is an instruction-only local memory system and is not inherently malicious, but several things warrant caution: - Clarify GEMINI_API_KEY: the SKILL.md references GEMINI_API_KEY for vector search, but the registry lists no required env vars. If you enable vector search, you would provide that key — only do so if you trust the key's scope and the embedding provider. Prefer the local Ollama option if you can run it in a controlled environment. - Watch global auto-load behavior: the skill requires agents to auto-load 'errors' and 'knowledge' at startup and to make error logs global to all agents/sub-agents. That means any content you put into those markdown files can be read by agents broadly. Do not store secrets or sensitive data in the memory directory. - Network activity: optional features invoke external services (Gemini API) or local endpoints (curl to localhost:11434). Understand and control network access before enabling vector search. - Path and usage discrepancies: SKILL.md shows both ~/.openclaw/workspace/memory/ and local relative paths (memory/...). Confirm where files will actually live and ensure directory permissions limit exposure. - Operational advice: if you want to try it, run in an isolated agent/workspace, inspect or create the memory directory yourself, and keep sensitive information out of memory files. Ask the author to update the registry metadata to declare GEMINI_API_KEY (or explicitly state that no external keys are required unless vector_search is enabled) and to clarify which paths are used and which agents will auto-load which files. Confidence is medium because the skill appears coherent as a local memory helper, but the undeclared env var references and broad auto-load instructions create meaningful privacy/consistency concerns that should be resolved before trusting it with real data.
Latest Release
v1.1.0
Consolidate memory structure around 5 categories (knowledge/projects/errors/diary/tasks). Full bilingual EN/CN support for SKILL.md and all memory entries. Add Rule #5: mandatory bilingual logging. Retrofit error logs with bilingual format.
More by @russellfei
Published by @russellfei on ClawHub
