← Back to Skills Marketplace

Agent Memory System

Name: Agent Memory System
Author: sky-lv

by SKY-lv · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install skylv-agent-memory-system

Description

Agent 记忆系统设计助手。构建长期记忆、短期记忆、情景记忆架构。触发词：记忆、memory、上下文管理、上下文窗口。

Usage Guidance

This skill appears to implement a legitimate agent memory system, but it has important transparency and safety issues you should address before installing: 1) The runtime code calls the OpenAI embeddings API using process.env.OPENAI_API_KEY but the skill metadata does not declare that credential—ask the author to explicitly declare required env vars and explain how API keys are used and stored. 2) The code constructs SQL with string interpolation from user queries (SQL injection risk); require input sanitization or parameterized queries. 3) Embedding calls send memory content to an external service—consider whether memory may contain sensitive data and if you should use a private/local embedding model instead. 4) Request documentation or a link to the repository/homepage, minimal reproducible examples, and any data-retention/privacy controls. If you proceed, use a scoped/dedicated API key, limit retention, and test in an isolated environment first.

Capability Analysis

Type: OpenClaw Skill Name: skylv-agent-memory-system Version: 1.0.0 The skill bundle contains a significant SQL injection vulnerability in the 'retrieve' method within SKILL.md, where user-provided search queries are directly concatenated into a SQL string. Additionally, the 'evaluateImportance' function explicitly flags sensitive terms like 'password' (密码) and 'account' (账号) for long-term storage, which encourages the persistence of sensitive credentials in an unencrypted SQLite database. While these appear to be architectural flaws in a template rather than intentional malware, the lack of input sanitization and the targeting of sensitive data pose a high security risk.

Capability Tags

crypto

Capability Assessment

⚠ Purpose & Capability

The SKILL.md implements a hierarchical memory system (short-term, long-term, vector/semantic) which is coherent with the declared purpose. However, the implementation expects an embeddings provider (calls OpenAI embeddings endpoint via process.env.OPENAI_API_KEY) and a local vector store/SQLite database, yet the skill metadata declares no required environment variables or credentials. The omission of the OPENAI_API_KEY requirement is an inconsistency that reduces transparency.

⚠ Instruction Scope

The instructions include concrete code that will persist data to a SQLite DB, write to a local Chroma vector store, and send text to the OpenAI embeddings API. Those actions are within a memory system’s scope, but the code builds SQL queries by interpolating user-derived keywords into LIKE clauses (risk of SQL injection) and will send potentially sensitive memory text off-host to OpenAI. The SKILL.md does not warn about privacy, retention, or minimum-data practices.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no code files executed by the registry. That lowers supply-chain risk compared with arbitrary downloads. The runtime instructions still assume installing/using SQLite and a Chroma client, but nothing is being pulled automatically by the skill package itself.

⚠ Credentials

The embedded code calls the OpenAI embeddings endpoint using process.env.OPENAI_API_KEY but the skill declares no required env vars or primary credential. Requesting an API key (and thus permission to transmit memory contents externally) is material and should be declared; its absence is a transparency gap. Also, the skill could leak sensitive user data to an external service if deployed without careful access controls.

✓ Persistence & Privilege

The skill does not request always:true, does not claim to modify other skills, and has no install-time persistence declared. It does instruct how to create local DB files and a vector store (expected for a memory system), but it does not assert elevated platform privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install skylv-agent-memory-system
After installation, invoke the skill by name or use /skylv-agent-memory-system
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial-release

Metadata

Slug skylv-agent-memory-system

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Agent Memory System?

Agent 记忆系统设计助手。构建长期记忆、短期记忆、情景记忆架构。触发词：记忆、memory、上下文管理、上下文窗口。 It is an AI Agent Skill for Claude Code / OpenClaw, with 96 downloads so far.

How do I install Agent Memory System?

Run "/install skylv-agent-memory-system" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent Memory System free?

Yes, Agent Memory System is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Agent Memory System support?

Agent Memory System is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agent Memory System?

It is built and maintained by SKY-lv (@sky-lv); the current version is v1.0.0.

More Skills