← Back to Skills Marketplace

infinite memory locall rag system for

Name: infinite memory locall rag system for
Author: mhndayesh

by mhndayesh · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

540

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install infinite-memory-v2

Description

High-precision memory with 100% recall accuracy for long contexts.

README (SKILL.md)

\r \r

Infinite Memory 🦞\r

\r High-precision RAG engine for deep context retrieval (Phase 16 Architecture).\r \r

Tools\r

recall_facts\r

Cmd: python scripts/recall.py "{{query}}"\r
Goal: Search for facts in the historical database.\r \r

memorize_data\r

Cmd: python scripts/ingest.py "{{filename}}" "{{text}}"\r
Goal: Store new data into the long-term memory.\r

Usage Guidance

What to consider before installing: - Do not run this unmodified on a network-exposed machine. The sidecar's uvicorn server is configured to bind 0.0.0.0, making the unauthenticated /ingest and /search endpoints reachable from the network. Change the host to 127.0.0.1 or add authentication/firewall rules before running. - The service accepts arbitrary text for ingestion and persists it to ./memory_db. Avoid ingesting secrets or sensitive data, or add encryption/access controls to the DB. - The AUTO_INTEGRATION.md explicitly tells you to change your agent system prompt so the agent always queries and treats recall_facts as absolute truth. That can cause the agent to uncritically return stored content (including secrets) and propagate errors — think twice before making memory 'authoritative'. - Verify the skill's source repository and release integrity; INSTALL.md points at a GitHub path but the registry lists no source. Confirm the upstream project and check commit history. - Fix minor packaging issues (requirements.txt contains 'axios' which is irrelevant for Python) and review the full engine file for any hidden network calls (the provided engine file was truncated in the manifest preview). - If you intend to use this, sandbox it (container/VM) and restrict network access. Add authentication (API key, local-only socket, or mTLS) to the sidecar endpoints, or bind to localhost-only. Review and test behavior for ingestion, recall, and deletion of stored data. If you want, I can: (1) point out the exact lines that bind to 0.0.0.0 and the endpoints to change, (2) produce a minimal patch to force localhost binding and require a simple API key, or (3) review the remainder of the engine file for external network calls if you provide the truncated part.

Capability Analysis

Type: OpenClaw Skill Name: infinite-memory-v2 Version: 1.0.0 The skill bundle is classified as suspicious primarily due to a critical shell injection vulnerability in the `SKILL.md` file. The `Cmd` definitions for `recall_facts` and `memorize_data` directly embed user-controlled input (`{{query}}`, `{{filename}}`, `{{text}}`) into shell commands (`python scripts/recall.py "{{query}}"`) without apparent sanitization. If the OpenClaw agent does not sanitize these inputs before execution, an attacker could inject arbitrary shell commands. Additionally, the `memory_service.py` binds its FastAPI service to `0.0.0.0`, making it network-accessible and increasing its attack surface, though this is not inherently malicious. There is no clear evidence of intentional data exfiltration, persistence, or other malicious activities.

Capability Assessment

ℹ Purpose & Capability

The code and scripts implement a local RAG/memory sidecar (ChromaDB + local LM Studio) which aligns with the skill name/description. Requiring python and curl is reasonable. Minor mismatch: requirements.txt lists 'axios' (a JS package) which is irrelevant for a Python-only install and looks like sloppy packaging. INSTALL.md references a GitHub URL but the skill registry lists 'Source: unknown' — the suggested external install source should be verified.

⚠ Instruction Scope

SKILL.md and the included scripts only call the local sidecar, which is expected, but references/AUTO_INTEGRATION.md instructs modifying agent core prompts to 'MUST proactively use recall_facts' and to 'treat the output of recall_facts as absolute ground truth (Direct-Return Bypass)'. That is scope-creep: it directs changes to other agent files and encourages the agent to unconditionally trust memory outputs (including 'secret codes' example), which increases risk of inadvertent disclosure or authoritative propagation of incorrect/sensitive data.

ℹ Install Mechanism

There is no automated install spec in the registry; the package contains Python code and instructions to run pip install -r requirements.txt. No immediate high-risk external downloads are embedded in the install spec. However INSTALL.md suggests downloading from a GitHub tree — the registry's source is unknown, so users should verify that URL matches the skill they are installing.

⚠ Credentials

The skill requests no credentials, which on the face is reasonable. However the sidecar runs unauthenticated endpoints (/ingest and /search) and memory_service's uvicorn server is started with host='0.0.0.0' (exposes the API on all network interfaces). That combination (no auth + public binding) is disproportionate for a local memory tool: it allows remote hosts to read/ingest arbitrary data unless the host/network firewall prevents it. The code writes a local persistent DB (./memory_db), so sensitive data could be stored persistently without access controls.

ℹ Persistence & Privilege

The skill does not set always:true and does not autonomously enable itself by default. However INSTALL.md and AUTO_INTEGRATION.md provide explicit steps to make the memory engine 'Auto' by editing agent core identity files, which would increase persistence and autonomous use — the skill makes it easy to escalate its presence if the integrator follows those instructions.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install infinite-memory-v2
After installation, invoke the skill by name or use /infinite-memory-v2
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Added "curl" to the required dependencies. - Streamlined and shortened the description for tools and features. - Condensed setup and usage instructions for improved clarity. - Removed detailed agent instructions and database location notes for a more concise overview.

Metadata

Slug infinite-memory-v2

Version 1.0.0

License —

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is infinite memory locall rag system for?

High-precision memory with 100% recall accuracy for long contexts. It is an AI Agent Skill for Claude Code / OpenClaw, with 540 downloads so far.

How do I install infinite memory locall rag system for?

Run "/install infinite-memory-v2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is infinite memory locall rag system for free?

Yes, infinite memory locall rag system for is completely free (open-source). You can download, install and use it at no cost.

Which platforms does infinite memory locall rag system for support?

infinite memory locall rag system for is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created infinite memory locall rag system for?

It is built and maintained by mhndayesh (@mhndayesh); the current version is v1.0.0.

More Skills