← Back to Skills Marketplace
604
Downloads
1
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install smart-memory-manager
Description
Intelligent memory management for agents with short/long-term memory layering, semantic search, auto summarization, RAG enhancement
Usage Guidance
This skill appears functionally consistent with a memory manager, but two practical risks deserve attention: (1) It will fetch third-party modules from deno.land at runtime — review and pin/ vendor those dependencies if you want to avoid implicit network-loaded code. (2) The load/save API accepts arbitrary file paths and uses Deno.readTextFile/Deno.writeTextFile; if the agent runtime has filesystem permissions, an attacker or misconfigured agent could read sensitive local files (for example dotfiles, credentials) and return their contents via search/list/summarize. Before installing: ensure your agent runtime is constrained (e.g., run in a sandbox or deny filesystem access), only use safe persistPath locations you control, inspect or vendor the imported deno.land modules, and avoid granting this skill broad autonomous privileges. If you need help limiting its filesystem capabilities or auditing the remote imports, consider code-reviewing and running the skill in an isolated environment first.
Capability Analysis
Type: OpenClaw Skill
Name: smart-memory-manager
Version: 1.0.1
The skill provides memory management with file persistence but contains a path traversal vulnerability. The `load` and `save` actions in `index.ts` allow reading and writing files using a user-provided `persistPath` without any sanitization or validation, potentially allowing access to sensitive files outside the intended directory. While this is a significant security flaw, it appears to be a vulnerability rather than intentional malice.
Capability Assessment
Purpose & Capability
Name/description and the code align: it implements short/long/important memory layers, search, summarization, and save/load persistence. File I/O and simple semantic/keyword search are reasonable capabilities for a memory manager.
Instruction Scope
SKILL.md and the API expose load/save with an unrestricted persistPath parameter. The implementation uses Deno.readTextFile to load any path and returns memory contents via list/search/summarize — this enables reading arbitrary files and returning their contents, which is outside a narrow 'memory manager' scope unless the user explicitly chooses safe paths.
Install Mechanism
There is no install spec, but the code imports third-party modules directly from deno.land (zod and std/encoding). That means runtime will fetch remote code from the network; this is normal for Deno but is a supply-chain risk compared with vendored or packaged dependencies.
Credentials
The skill requests no env vars, which is proportional, but it performs arbitrary filesystem read/write (Deno.readTextFile / Deno.writeTextFile) with user-supplied paths. If the agent runs with filesystem permissions, the skill can read sensitive local files and then expose them in outputs — a high-risk capability relative to typical memory persistence needs unless paths are restricted.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills. However, because it can persist to arbitrary disk paths and load arbitrary files, installing it in an environment with broad file-system permissions grants it effective persistent access to local data. Consider limiting runtime permissions or paths.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install smart-memory-manager - After installation, invoke the skill by name or use
/smart-memory-manager - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Removed the skill.yaml file from the project.
- Consolidated metadata fields from skill.yaml into SKILL.md.
- Added a description field to SKILL.md.
- No changes to functionality or the core documentation content.
v1.0.0
Initial release of smart-memory-manager.
- Introduces a three-layered memory system (short-term, long-term, important) with automatic expiration and cleanup.
- Supports keyword, semantic, and hybrid search modes for efficient memory retrieval.
- Adds automatic summarization for memory compression and context management.
- Provides persistent storage options (in-memory and disk), with save/load support.
- Modular, lightweight, and type-safe design with easy customization and no external dependencies.
Metadata
Frequently Asked Questions
What is smart-memory-manager?
Intelligent memory management for agents with short/long-term memory layering, semantic search, auto summarization, RAG enhancement. It is an AI Agent Skill for Claude Code / OpenClaw, with 604 downloads so far.
How do I install smart-memory-manager?
Run "/install smart-memory-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is smart-memory-manager free?
Yes, smart-memory-manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does smart-memory-manager support?
smart-memory-manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created smart-memory-manager?
It is built and maintained by Ayalili (@ayalili); the current version is v1.0.1.
More Skills