jcools1977

Smart Memory

by John DeVere Cooley · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
391 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install openjaw-smart-memory
Description
Zero-cost persistent memory that makes your bot smarter over time. Automatically extracts, stores, and retrieves key facts, preferences, and decisions from c...
Usage Guidance
This skill is coherent with its stated purpose (local JSON memory) but has privacy and minor declaration issues you should consider before installing:

  - Review the scripts before use. They run locally, but they expect 'jq' and other standard Unix tools; the registry metadata did not declare 'jq' as required. Install jq or confirm availability.
  - Be cautious about storing secrets. The skill explicitly suggests storing API keys and server addresses drawn from conversations. If you enable this, treat the memory directory like sensitive storage: restrict filesystem permissions, consider encrypting the directory, or disable storing credentials.
  - The stats/report command prints the first ~60 characters of memory values. That can leak secret fragments; remove or modify that output if you care about privacy.
  - Soft-delete keeps items in archive for 30 days. If you need immediate, irreversible deletion for sensitive items, test 'purge' and confirm behavior meets your policy.
  - Follow principle of least privilege: set OPENCLAW_MEMORY_DIR to a controlled location, verify file permissions, and run 'memory-manager.sh init' manually to inspect created files. Consider disabling automatic inference/storage until you have explicit consent rules implemented.

If you want a green light: have the author declare 'jq' as a required binary, remove value snippets from reports or mask them, add explicit opt-in for storing credentials, shorten retention for sensitive items or add encryption, and re-run a review.
Capability Analysis
Type: OpenClaw Skill
Name: openjaw-smart-memory
Version: 1.0.0

The skill is classified as suspicious due to the explicit instruction in `SKILL.md` to the AI agent to store 'API keys (stored locally only)' in plain JSON files. While the `memory-manager.sh` script itself does not exfiltrate this data and uses `jq --arg` to prevent direct shell injection into its commands, storing sensitive credentials in an unencrypted local file is a significant security vulnerability. This creates a high-risk prompt injection surface, as a compromised agent or a malicious user prompt could later instruct the agent to retrieve and misuse these stored keys, even if the skill's author intended for local-only storage.
Capability Assessment
Purpose & Capability
The skill's name/description (local persistent memory) matches the included scripts and instructions: everything reads/writes JSON under ~/.openclaw/smart-memory and uses shell/jq. However the metadata claims no required binaries while the scripts explicitly require 'jq' (and use standard tools like stat, du, bc). That undeclared dependency is an incoherence.
Instruction Scope
SKILL.md instructs the agent to automatically extract and store a wide range of information, including 'technical context: server addresses, API keys (stored locally only)'. That is within a memory feature but expands scope to storing highly sensitive secrets. Also the reporting script (memory-stats.sh) prints snippets of stored values (value[:60]) in its report, which contradicts the 'No sensitive data in logs' rule in the doc and can leak secret fragments to anyone who can run/view the report.
Install Mechanism
There is no download/install step — the skill is instruction + included local scripts. No external URLs or archive extraction are involved, so install risk is low. The scripts will run locally when invoked.
Credentials
The skill declares no required environment variables but the code honors OPENCLAW_MEMORY_DIR if set and requires 'jq' (not declared). More importantly, the skill encourages storing API keys and server addresses drawn from conversation — that increases the sensitive data footprint without requiring explicit credentials. Retention/archival (soft-delete with 30-day archive) and automatic daily maintenance increase the time sensitive data is kept.
Persistence & Privilege
always:false (good). The SKILL.md defines a daily heartbeat/maintenance action; combined with the normal autonomous invocation this means the agent can run maintenance and access local memories automatically. This is not unusual, but it increases the blast radius when combined with the ability to store secrets.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openjaw-smart-memory
  3. After installation, invoke the skill by name or use /openjaw-smart-memory
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug openjaw-smart-memory
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Smart Memory?

Zero-cost persistent memory that makes your bot smarter over time. Automatically extracts, stores, and retrieves key facts, preferences, and decisions from c... It is an AI Agent Skill for Claude Code / OpenClaw, with 391 downloads so far.

How do I install Smart Memory?

Run "/install openjaw-smart-memory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Smart Memory free?

Yes, Smart Memory is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Smart Memory support?

Smart Memory is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Smart Memory?

It is built and maintained by John DeVere Cooley (@jcools1977); the current version is v1.0.0.
