← Back to Skills Marketplace
Memory Pro System
by
FluffyAIcode
· GitHub ↗
· v0.0.7
· MIT-0
98
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-memory-pro
Description
Enhanced AI memory system — vector store, document-level MSA, knowledge graph, collision engine, executable skills, and closed-loop skill evolution.
Usage Guidance
This skill is not outright malicious, but several red flags mean you should proceed cautiously. Before installing or running it: 1) Review the remote GitHub repository (FluffyAIcode/openclaw-memory-pro-system) — inspect setup.py/pyproject.toml and all source files for unexpected network calls, credential harvesting, or shell execs. 2) Avoid installing directly into your primary environment — run the install in an isolated VM or container. 3) Do NOT point it at your production OpenClaw auth-profiles.json or reuse sensitive API keys; create limited-scope/test LLM keys and separate Telegram/test channels. 4) Prefer a pinned commit or official release with checksums rather than cloning an unpinned repo. 5) Audit and control scheduled tasks and any auto-generated skills/webhooks; disable automatic skill activation until you’ve reviewed what it proposes. 6) If you lack capacity to audit the repo, treat this as untrusted code and avoid installing it.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-memory-pro
Version: 0.0.7
The bundle describes an advanced memory system with high-risk features including a background server, automated task scheduling, and a 'Skill Registry' that supports executable action bindings such as webhooks and tool calls (`SKILL.md`). These capabilities, while aligned with the stated purpose, create a significant attack surface for indirect prompt injection and persistent background execution. Additionally, `_meta.json` contains a future-dated publication timestamp (May 2026), and the 'Skill Proposer' subsystem suggests automated generation of executable logic, which could be exploited to run unauthorized commands if the memory corpus is poisoned.
Capability Assessment
Purpose & Capability
The skill claims to be a memory/knowledge system (vectors, KG, skill proposer). That purpose would legitimately need an LLM key and local code to run — but the registry metadata declared no required env vars or install steps, while SKILL.md/setup.md explicitly require Python + cloning and pip-installing an external repo and LLM API keys. The metadata and declared requirements are inconsistent with the instructions.
Instruction Scope
setup.md instructs cloning a GitHub repo into ~/.openclaw/workspace and pip installing it, configuring OPENROUTER_API_KEY/XAI_API_KEY or reading OpenClaw auth-profiles.json, and enabling scheduled tasks/Telegram channels. The instructions explicitly reference OpenClaw config files (auth-profiles.json, openclaw.json) and writing daily log files and post-remember hooks — actions that read and modify environment/config outside the skill's declared scope.
Install Mechanism
There is no built-in install spec in the registry; setup.md directs the user to git clone https://github.com/FluffyAIcode/openclaw-memory-pro-system and run pip install -e ., which will execute arbitrary Python package code from that repository. The GitHub repo is not pinned to a commit or release and there are no checksums — downloading and installing unpinned code is a moderate-to-high risk.
Credentials
The skill text expects LLM API keys (OPENROUTER_API_KEY or XAI_API_KEY) and will auto-detect keys in OpenClaw's auth-profiles.json. The registry metadata lists no required env vars or config paths; reading auth-profiles.json would access other OpenClaw credentials and is disproportionate to what the registry declared. The skill also suggests configuring Telegram via openclaw.json, which may expose channel tokens.
Persistence & Privilege
The system clones into the user's OpenClaw workspace (~/.openclaw/workspace), writes daily logs, can run scheduled jobs, and the architecture describes auto-generating draft skills with executable bindings (prompt_template/tool_call/webhook). That capability to create executable skills/webhooks and schedule periodic tasks increases privilege and persistence and could enable execution of new behaviors without close review.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-memory-pro - After installation, invoke the skill by name or use
/openclaw-memory-pro - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.7
v0.0.7: Token budget control, executable skills, MemoryHub callbacks, LLM-powered MSA recall, attention-aware collision engine, multi-provider LLM client.
Metadata
Frequently Asked Questions
What is Memory Pro System?
Enhanced AI memory system — vector store, document-level MSA, knowledge graph, collision engine, executable skills, and closed-loop skill evolution. It is an AI Agent Skill for Claude Code / OpenClaw, with 98 downloads so far.
How do I install Memory Pro System?
Run "/install openclaw-memory-pro" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Memory Pro System free?
Yes, Memory Pro System is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Memory Pro System support?
Memory Pro System is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Memory Pro System?
It is built and maintained by FluffyAIcode (@fluffyaicode); the current version is v0.0.7.
More Skills