Overkill Memory System
by Broedkrummen · GitHub · v1.9.5
651 Downloads · 0 Stars · 0 Active Installs · 21 Versions
Install in OpenClaw: /install overkill-memory-system
Description
Provides a neuroscience-inspired 6-tier automated memory system with WAL protocol, semantic search, emotional tagging, and value-based retention for OpenClaw...
Usage Guidance
This package contains a complete, locally runnable memory system and many helper modules — but its registry metadata understates what it needs. Before installing or enabling it:
1) Review install.sh and every script that writes to crontab or ~/.openclaw to see what will be created and scheduled.
2) Search the code for references to ACC_MODELS, AGENT_ID, ChromaDB, Ollama, Redis, fd, rg, and any network endpoints (Supermemory) — these indicate credentials and binaries the system will use.
3) If you plan to run it, run inside a contained environment (container or isolated user account) first; do not blindly export API keys into your global environment.
4) If you only want limited features, ask the author for a minimal configuration or disable cron/background sync and cloud backup.
5) Prefer setting required env vars locally and narrowly, and avoid giving broad credentials (cloud backups, LLM keys) unless you trust the source.
Finally, request the upstream source/homepage or a reproducible build/release — the package currently lists 'source: unknown' and no homepage, which makes verification harder.
Capability Analysis
Type: OpenClaw Skill
Name: overkill-memory-system
Version: 1.9.5
The skill is classified as suspicious due to multiple critical vulnerabilities, primarily prompt injection vectors and potential remote code execution (RCE). User-controlled input (e.g., `content`, `fact`, `description`, `context`, `mitigation`, `task`, `notes`, `action`) is written directly into various markdown and JSON files (`SESSION-STATE.md`, `CRON-INBOX.md`, `diary/*.md`, `git-notes/index.json`, `ERRORS.md`, `LEARNINGS.md`, `FEATURE_REQUESTS.md`, `acc-state.json`, `habits.json`, `internal_state.json`, `reflections/*.json`). These files are explicitly designed to be read and interpreted by the AI agent (e.g., `ACC_STATE.md` is 'for prompt injection'), creating direct prompt injection vulnerabilities. Additionally, `acc-error-memory/scripts/calibrate-patterns.sh` and `acc-error-memory/scripts/haiku-screen.sh` execute external LLM CLI commands via `subprocess.run` using the `ACC_MODELS` environment variable. If `ACC_MODELS` can be controlled by an attacker, this leads to RCE. While the skill's stated purpose is benign, these vulnerabilities present significant attack surfaces.
Capability Assessment
Purpose & Capability
The name/description (a local multi-tier memory system) is consistent with the shipped code (search, WAL, ChromaDB integration, spaced repetition, error-tracking modules). However the registry metadata claims no required env vars or binaries while the code and integration docs clearly depend on external tools and services: fd/rg for fast file search, ChromaDB/redis for vector/cache tiers, optional Ollama/OpenAI/Claude CLIs (ACC_MODELS) for LLM screening, AGENT_ID for multi-agent namespacing, and optional cloud backup (Supermemory). The skill legitimately needs many of these — but they should be declared. The lack of declared requirements is an incoherence and increases risk.
Instruction Scope
SKILL.md and many subdocs/scripts instruct the agent to read and write many files under ~/.openclaw (diary, daily logs, memory dirs, .learnings, git-notes), run cron jobs (background maintenance, periodic analyses), and invoke external CLIs (LLM commands via ACC_MODELS, fd/rg, rg JSON parsing). The instructions also show code that will walk user memory directories and ingest transcripts. Those actions are plausible for a memory system, but they give broad file access and persistent background activity. The runtime instructions are specific (cron entries, install.sh, scripts) — they are not limited or sandboxed, and they reference environment variables not declared in the registry.
Install Mechanism
Registry lists 'instruction-only' (no install spec), but the package includes several install scripts (e.g., acc-error-memory/install.sh) and many shell scripts that set up cron jobs and create state under the user's home (~/.openclaw). There is no single verified package repository or signed release; code will live on disk and contains many shell invocations and subprocess.run calls. While there are no external download URLs in the manifest, the included install scripts could modify crontab and write persistent files — a moderate install risk that should be manually audited before execution.
Credentials
The skill metadata declares no required environment variables, but the code/docs expect several: ACC_MODELS (LLM CLI commands), AGENT_ID (namespacing for ChromaDB), ChromaDB/OLLAMA/OpenAI credentials or settings (mentioned in .env example), and likely cloud backup credentials for 'Supermemory'. The code also expects fd/rg on PATH and may expect Redis/ChromaDB storage. Requiring LLM CLIs and cloud backup credentials is reasonable for some features, but the omission from the declared requirements is a serious mismatch and could lead to accidental credential exposure if users export keys without realizing.
Persistence & Privilege
always:false (no forced presence), but the package explicitly supports and documents setting cron jobs (install.sh --with-cron, ACC pipeline scheduled 3x/day) and persistent directories under the user's home. This is expected for an agent memory system (background sync, WAL flush), but it is persistent: cron tasks and files will remain and run outside immediate user actions. Because persistent background tasks are present but not highlighted in registry metadata, treat this as notable and audit install scripts before enabling cron.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install overkill-memory-system
- After installation, invoke the skill by name or use /overkill-memory-system
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.9.5
- Removed platform posts tracking functionality and associated files.
- Updated documentation to reflect version downgrade from 2.0.0 to 1.9.3.
- SKILL.md now matches feature availability for 1.9.x (platform post features no longer mentioned).
- Cleaned up code and metadata to reflect the removal of platform post support.
v2.0.0
v2.0.0 - Major release! Platform post tracking, full multi-agent support, all features integrated
v1.9.4
- Bump version to 1.9.4 in metadata.
- No code or documentation changes; this release updates only the version in _meta.json.
v1.9.3
v1.9.3 - SKILL.md update
v1.9.2
v1.9.2 - Documentation update
v1.9.1
v1.9.1 - Documentation update, version bump
v1.9.0
v1.9.0 - Multi-agent support with shared + private ChromaDB areas, self-reflection, self-improving, file search, knowledge graph
v1.4.0
v1.4.0 - Brain-Full architecture with 6 brain regions: Hippocampus, Amygdala, VTA, Basal Ganglia, Insula, ACC. Added habits, internal state, diary search, strategy notes.
v1.3.0
v1.3.0 - Speed-first architecture with ~5ms average query time, hybrid neuroscience, error learning, vestige integration
v1.2.0
v1.2.0 - Added acc-error-memory integration for error pattern tracking and correction learning
v1.1.6
v1.1.6 - Added security section explaining when network access occurs based on env vars
v1.1.5
v1.1.5 - Fixed env declarations in metadata, added on-import side effects warning, clarified cloud features require API keys
v1.1.4
v1.1.4 - Fixed .env.example, added env declarations to metadata, added prerequisites section to docs clarifying what's core vs requires setup
v1.1.3
v1.1.3 - Added commands.bash=true to enable bash commands
v1.1.2
v1.1.2 - Added .env.example with all environment variables. Updated documentation to clarify cloud integration requirements.
v1.1.1
v1.1.1 - Bug fixes. Command Center framework removed (separate project).
v1.1.0
v1.1.0 - Added 10+ speed optimizations: L1 Cache, Parallel Query, Redis Hot Cache, Result Caching, Binary Search, Connection Pooling, Bloom Filters, Pre-fetch Context, Lazy Loading, Pre-computed Embeddings. Cloud with daily sync. Command Center framework included.
v1.0.3
Added cloud section, renamed framework file, updated credits to Broedkrummen
v1.0.2
Added overkill-memory-system.md framework document
v1.0.1
Added mem0 to credits
Frequently Asked Questions
What is Overkill Memory System?
Provides a neuroscience-inspired 6-tier automated memory system with WAL protocol, semantic search, emotional tagging, and value-based retention for OpenClaw... It is an AI Agent Skill for Claude Code / OpenClaw, with 651 downloads so far.
How do I install Overkill Memory System?
Run "/install overkill-memory-system" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Overkill Memory System free?
Yes, Overkill Memory System is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Overkill Memory System support?
Overkill Memory System is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Overkill Memory System?
It is built and maintained by Broedkrummen (@broedkrummen); the current version is v1.9.5.