← Back to Skills Marketplace
228
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install memory-hybrid-stack
Description
Use this skill to read/write the hybrid memory stack (Postgres facts, Redis realtime state, Qdrant vector recall) that lives under `infra/memory-stack`. Prov...
Usage Guidance
This skill contains small shell helpers that source a workspace .env and then run psql, redis-cli, and curl. Before installing or enabling it:
- Verify the .env file it will source (default infra/memory-stack/.env or the absolute path mentioned in connection-map) and ensure it does not contain secrets you don't want referenced by a skill. The scripts will export PGPASSWORD and may use REDIS_PASSWORD and QDRANT_URL.
- Ask the author/maintainer to update registry metadata to list required env vars (POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB, REDIS_PORT/POSTGRES_PORT/QDRANT settings) so the credential needs are explicit.
- If you run these scripts, keep QDRANT_URL unset or set it explicitly to a localhost URL; otherwise the scripts can make HTTP requests to arbitrary URLs and could send data off-host.
- Confirm the path assumptions (connection-map mentions /home/va/.openclaw/workspace/infra/memory-stack/.env) — change MEMORY_STACK_ENV or MEMORY_STACK_ROOT to a safe path before running to avoid accidental reads of user files.
- Prefer running the scripts in a sandboxed environment and inspect .env contents first. If you cannot validate the .env or the QDRANT_URL, treat this skill as risky and do not enable it for autonomous agent use.
Capability Analysis
Type: OpenClaw Skill
Name: memory-hybrid-stack
Version: 0.1.0
The skill provides a set of shell scripts (facts_sql.sh, state_kv.sh, and qdrant_request.sh) that act as thin, unvalidated wrappers for psql, redis-cli, and curl to manage a local memory stack. While these capabilities are aligned with the stated purpose of providing a hybrid memory layer, the lack of input sanitization allows for arbitrary SQL, Redis command, and HTTP request execution, which are high-risk behaviors susceptible to prompt injection. The scripts also automatically source sensitive credentials from a local .env file located in the infra/memory-stack directory.
Capability Assessment
Purpose & Capability
The name/description (hybrid memory stack for Postgres/Redis/Qdrant) aligns with the included helper scripts and reference docs. However the package metadata declares no required environment variables while the scripts expect and source an .env that contains DB/Redis/Qdrant credentials. There are also small mismatches in documented vs. coded default ports (docs mention Qdrant HTTP=6335, script defaults to 6333).
Instruction Scope
The runtime instructions and scripts source a workspace .env file (default path baked in via references/connection-map.md) and export DB credentials for use by psql/redis-cli/curl. qdrant_request.sh allows overriding QDRANT_URL, which could make HTTP requests to a remote host (not limited to localhost). The scripts accept file inputs (e.g., @/tmp/points.json) and will POST/PUT those payloads; nothing prevents pointing QDRANT_URL at an external endpoint, enabling potential credential or data exfiltration. The SKILL.md and connection-map also mention an absolute workspace path (/home/va/...), which could cause the agent to read user-specific files.
Install Mechanism
No install spec — instruction-only with small helper scripts. This has lower risk than remote installers since nothing is downloaded during installation; the primary risk is what the scripts do at runtime.
Credentials
Registry metadata claims no required env vars, yet scripts rely on POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB, REDIS_PASSWORD (optional), QDRANT_URL/PORT/HOST and an .env file under infra/memory-stack. That omission is a meaningful mismatch: the skill will read sensitive credentials from a workspace .env but the package does not declare or surface that requirement to the user.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent platform-level presence. Autonomous invocation is allowed (platform default) but not itself a new risk here. The skill does not attempt to modify other skills or agent-wide configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install memory-hybrid-stack - After installation, invoke the skill by name or use
/memory-hybrid-stack - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: Postgres/Redis/Qdrant helper scripts and workflow guide
Metadata
Frequently Asked Questions
What is Memory Hybrid Stack?
Use this skill to read/write the hybrid memory stack (Postgres facts, Redis realtime state, Qdrant vector recall) that lives under `infra/memory-stack`. Prov... It is an AI Agent Skill for Claude Code / OpenClaw, with 228 downloads so far.
How do I install Memory Hybrid Stack?
Run "/install memory-hybrid-stack" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Memory Hybrid Stack free?
Yes, Memory Hybrid Stack is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Memory Hybrid Stack support?
Memory Hybrid Stack is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Memory Hybrid Stack?
It is built and maintained by VegaBai (@vegabai); the current version is v0.1.0.
More Skills