← Back to Skills Marketplace
84
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install shrimp-openclaw-memory
Description
让 OpenClaw 真的记住用户偏好、事实和上下文的长期记忆 skill。适用于你受不了每次新会话都要重复背景、希望 agent 能跨会话记住信息、并且想直接拥有可搜索、可持久化、可自动注入的记忆系统时使用。不是手工记笔记,而是一个已经做好的可运行记忆能力。
Usage Guidance
This skill implements a full local memory system and a payments integration; it's coherent but has noteworthy risks you should address before installing:
- Secrets & privacy: The analyzer/hook system will extract and persist arbitrary content from conversations (the README even shows examples like storing API keys). If you or your users might send secrets in chat, those can end up in the local DB and be reinjected into later prompts. Consider adding filtering to the analyzer or disabling automatic extraction.
- Undeclared environment variables: The package expects env vars (PAYMENT_WALLET, PAYMENT_CALLBACK_URL, OPENAI_API_KEY, OPENCLAW_MEMORY_WALLET, MEMORY_DEDUPLICATE, etc.) but none are declared in the registry metadata. Set PAYMENT_WALLET only to a wallet you control, and do not expose a funded wallet to autonomous agents unless you intend them to pay.
- Default wallet behavior: The hookpack uses OPENCLAW_MEMORY_WALLET with a hardcoded fallback ('assistant-shrimp-main'), which can cause data to be written under a shared identity even when no agentWallet is present. If you install, set OPENCLAW_MEMORY_WALLET explicitly or remove the default to avoid cross-agent mixing.
- Payments & trust model: The x402 MVP trusts reported tx_hash values (no on-chain verification). Treat Pro activations as not securely verified until you implement on-chain verification. Do not grant a real production PAYMENT_WALLET or fund an agent wallet without reviewing the payment code.
- Recommended actions before install: review analyzer code to ensure sensitive fields are redacted; configure environment variables (no defaults); run the skill in a sandboxed environment; set MEMORY_DEDUPLICATE and retention policies; and if you intend humans to approve payments, disable autonomous payment flows or restrict agent wallet usage.
If you want, I can point to exact lines/files to inspect or produce a short checklist of variables and code paths to change prior to installation.
Capability Analysis
Type: OpenClaw Skill
Name: shrimp-openclaw-memory
Version: 1.0.1
The skill implements a long-term memory system for OpenClaw agents with an integrated monetization layer using the x402 payment protocol. While the code appears functional and follows its stated purpose, it introduces significant risks: `src/dashboard.js` launches a REST API server on port 9091 that lacks any authentication, potentially exposing sensitive stored memories (including facts and user preferences) to any process on the local network. Additionally, the instructions in `SKILL.md` and `AGENT-PAYMENTS.md` encourage agents to autonomously evaluate and execute financial transactions (USDT payments), which, combined with the unauthenticated API, creates a high-risk environment for unauthorized data access or unintended financial loss.
Capability Assessment
Purpose & Capability
The skill's code, hooks, storage schema and CLI match its stated purpose of providing persistent, local, semantic memories and a dashboard. Requiring Node and using SQLite/vector embeddings is coherent. However the package includes an x402 payments subsystem and references environment variables (e.g., PAYMENT_WALLET, OPENAI_API_KEY, OPENCLAW_MEMORY_WALLET) that are not declared in the registry metadata or the top-level SKILL requirements — this mismatch merits caution but is explainable by the Pro-tier integration.
Instruction Scope
SKILL.md promises local-only storage and privacy, but the implementation explicitly extracts and stores arbitrary content from requests (including examples like storing API keys in README), and will inject stored memories back into request context. The hooks record memories automatically (request-after, hookpack) and one hookpack handler defaults to a constant wallet ('assistant-shrimp-main') if no wallet is present, meaning messages could be stored under a shared/default identity without explicit agent wallet consent. This broad automatic capture and reinjection of conversational content — including potential secrets — conflicts with users' implicit privacy expectations.
Install Mechanism
There is no remote download/install spec (install is via npm/node environment), and the package files are included in the skill. Dependencies (express, better-sqlite3, optional @xenova/transformers) are typical for a local dashboard/vector store. Nothing in the install mechanism indicates an external, untrusted binary download, but the package includes optional heavyweight local-ML dependencies which may increase disk usage and require additional native build steps.
Credentials
Registry metadata declared no required env vars, yet the code references multiple environment variables (PAYMENT_WALLET, PAYMENT_CALLBACK_URL, OPENAI_API_KEY, EMBEDDING_PROVIDER, MEMORY_DEDUPLICATE, OPENCLAW_MEMORY_WALLET, etc.). Payment recipient and callback are controlled by PAYMENT_WALLET/PAYMENT_CALLBACK_URL; OPENCLAW_MEMORY_WALLET defaulting to a constant allows storing data under a shared wallet. These undeclared env dependencies and a default wallet that enables background storage are disproportionate to the simple 'memory' description and raise confidentiality and operational concerns.
Persistence & Privilege
The skill registers hooks that automatically run on requests and session end, which is expected for a memory skill, but the provided hookpack handler and hooks will persist data automatically (and even use a default wallet when none supplied). While always:false (no forced global installation) and autonomous invocation is normal, the combination of automatic capture + default wallet + payment endpoints increases the blast radius: agents could autonomously create payment requests and store/retrieve memories without explicit human oversight unless environment and wallet access are carefully restricted.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install shrimp-openclaw-memory - After installation, invoke the skill by name or use
/shrimp-openclaw-memory - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Rewrite listing to foreground user value, persistent memory benefits, and direct install CTA instead of technical description first.
Metadata
Frequently Asked Questions
What is OpenClaw Memory System?
让 OpenClaw 真的记住用户偏好、事实和上下文的长期记忆 skill。适用于你受不了每次新会话都要重复背景、希望 agent 能跨会话记住信息、并且想直接拥有可搜索、可持久化、可自动注入的记忆系统时使用。不是手工记笔记,而是一个已经做好的可运行记忆能力。 It is an AI Agent Skill for Claude Code / OpenClaw, with 84 downloads so far.
How do I install OpenClaw Memory System?
Run "/install shrimp-openclaw-memory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Memory System free?
Yes, OpenClaw Memory System is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OpenClaw Memory System support?
OpenClaw Memory System is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created OpenClaw Memory System?
It is built and maintained by 文武贝 (@wuyunting555); the current version is v1.0.1.
More Skills