← Back to Skills Marketplace
sky-lv

Agent Memory System

by SKY-lv · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
170
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-agent-memory-system
Description
Agent 记忆系统设计助手。构建长期记忆、短期记忆、情景记忆架构。触发词:记忆、memory、上下文管理、上下文窗口。
Usage Guidance
This skill provides a coherent design and sample code for an agent memory system, but there are several red flags you should consider before using it: - Missing credential declaration: The code calls the OpenAI embeddings endpoint using process.env.OPENAI_API_KEY, yet the skill metadata does not declare any required environment variables. If you supply an API key, the skill's instructions will send content (potentially sensitive) to OpenAI. - Data persistence and exfiltration risk: The design persists arbitrary 'content' to a SQLite DB and a local Chroma vector store, and will send high-importance content to the external embeddings API. Review what you store and avoid putting secrets (passwords, tokens, PII) into memories. - Insecure SQL: The sample code builds SQL with string interpolation (content LIKE '%${k}%'), which is vulnerable to SQL injection. If you implement this, use parameterized queries or proper sanitization. - Missing dependency/runtime notes: The SKILL.md assumes a Node-like environment and libraries (SQLite client, Chroma client, fetch, crypto). The skill metadata doesn't list these — confirm the runtime and add explicit dependency/installation steps before implementation. Recommendations: only use or implement this guidance if you (or a developer you trust) will: 1) Explicitly declare and protect the OPENAI_API_KEY and never store secrets in the memory store; 2) Replace string-interpolated SQL with parameterized queries; 3) Add clear dependency and install instructions; 4) Audit what data will be persisted and sent to external services; and 5) Verify the linked repository (skill.json references a GitHub repo) to inspect full source and history. If you cannot verify these items, treat the skill as potentially unsafe.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-agent-memory-system Version: 1.0.0 The skill bundle provides a template for an AI memory system that contains a critical SQL injection vulnerability in the `retrieve` method within `SKILL.md`. User-provided search queries are split into keywords and directly interpolated into a SQLite query string without sanitization. While the code accesses `process.env.OPENAI_API_KEY` to fetch embeddings from OpenAI, this behavior aligns with the stated purpose of the memory system and does not appear to be intentional data exfiltration.
Capability Tags
crypto
Capability Assessment
Purpose & Capability
The name and description (agent memory design assistant) align with the provided implementation guidance: SQLite for long-term storage, a vector store (Chroma) for embeddings, short-term maps, and calls to an embeddings API. However, the SKILL.md contains concrete implementation code that implies runtime dependencies (Node runtime, SQLite bindings, Chroma client, crypto, fetch) and use of an OPENAI_API_KEY, none of which are declared in the skill metadata. This mismatch between declared requirements (none) and implied runtime needs is noteworthy.
Instruction Scope
The instructions include code that calls an external embeddings API (https://api.openai.com/v1/embeddings) using process.env.OPENAI_API_KEY, persists data to a SQLite DB and a local Chroma store, deletes vector entries, and constructs SQL queries by interpolating user-provided text (content LIKE '%${k}%') — which is vulnerable to SQL injection if executed as-is. The SKILL.md does not limit or sanitize what data gets stored; it instructs storing arbitrary 'content' and metadata, which could lead to sensitive data being persisted or sent to the external embedding endpoint.
Install Mechanism
This is an instruction-only skill with no install spec and no code files executed by the platform. That minimizes direct install risk. However, the guidance implies installing/using packages (SQLite client, Chroma client) if a developer implements it — those steps are not provided here.
Credentials
The implementation explicitly uses process.env.OPENAI_API_KEY but the skill declares no required environment variables. Requesting an API key would be proportionate for embeddings, but the omission in metadata is an inconsistency and a potential surprise to users. The skill would also require filesystem write access (SQLite DB and './chroma') — that access is not declared.
Persistence & Privilege
The skill is not always-enabled and is user-invocable, and does not request elevated platform privileges. The described behavior stores data to a local DB and vector store (its own data), but does not attempt to modify other skills or global settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-agent-memory-system
  3. After installation, invoke the skill by name or use /openclaw-agent-memory-system
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Agent memory system initial release — supports multi-layered memory management for agents. - Implements short-term, long-term, semantic, and procedural memory architecture with context management. - Provides TypeScript core class for storing, retrieving, and consolidating agent memories using SQLite and vector search (Chroma). - Includes routines for context window building, memory importance scoring, and automatic short→long-term compression & forgetting. - Supports memory tagging, usage count, timestamp, and flexible storage for persistent agent learning. - Chinese documentation and usage examples included.
Metadata
Slug openclaw-agent-memory-system
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Agent Memory System?

Agent 记忆系统设计助手。构建长期记忆、短期记忆、情景记忆架构。触发词:记忆、memory、上下文管理、上下文窗口。 It is an AI Agent Skill for Claude Code / OpenClaw, with 170 downloads so far.

How do I install Agent Memory System?

Run "/install openclaw-agent-memory-system" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent Memory System free?

Yes, Agent Memory System is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Agent Memory System support?

Agent Memory System is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agent Memory System?

It is built and maintained by SKY-lv (@sky-lv); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments