Yaoyao Memory Homo

by taobaoaz · GitHub ↗ · v4.0.1 · MIT-0
cross-platform ⚠ suspicious
Downloads: 342 · Stars: 0 · Active Installs: 0 · Versions: 31
Install in OpenClaw
/install yaoyao-memory-v2
Description
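Six-layer memory system - lets AI keep context across sessions, accumulate knowledge, and keep evolving. [Local storage] SQLite database. [Full-text search] FTS5 search engine. [Modular] Core plus optional modules, installed on demand.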
Usage Guidance
What you should check before installing or enabling auto features:
- This skill includes a large codebase (many scripts) — review auto_updater.py, safe_extension_loader.py, vector_extension_manager.py, auto_updater/self_improver and any code that performs network requests or dynamic code loading before enabling automatic updates or extension loading.
- Cloud sync (IMA/Samba/SFTP) and LLM/Embedding integrations are optional. Only configure API keys/credentials if you trust the endpoints. Prefer storing credentials with strict file permissions (600) and verify where the skill will read them (~/.config/ima, ~/.openclaw/credentials/secrets.env).
- If you plan to run the dashboard/api_server, inspect api_server.py to confirm it only exposes local interfaces or is properly authenticated before binding to network ports.
- Consider disabling auto-update/self-improvement and native-extension loading until you audit the updater/source URLs and the code that verifies update integrity (signatures/hashes).
- Run the skill in a restricted environment (sandbox/container or a non-sensitive account) first, and keep backups of your ~/.openclaw workspace and databases before enabling cloud sync or running migration scripts.

If you want, I can list specific files to inspect first (auto_updater.py, safe_extension_loader.py, install_modules.py, sync_ima.py, api_server.py) and summarize suspicious patterns found inside them.
Capability Analysis
Type: OpenClaw Skill
Name: yaoyao-memory-v2
Version: 4.0.1

The skill bundle is an extremely comprehensive memory system that includes high-risk capabilities such as a local HTTP API server (api_server.py) and a shell command execution utility (shell_embed.py). While these features are aligned with the stated goal of advanced memory management and include defensive measures like command whitelisting and a governance layer (governance.py), they significantly expand the agent's attack surface. Specifically, the API server allows for remote configuration and data access, and the shell utility—despite using shell=False and a whitelist—could potentially be abused to interact with the host system in unintended ways. The presence of a modular installer (install_modules.py) that performs its own security scans suggests a sophisticated but potentially fragile security model, making the bundle 'suspicious' due to the inherent risks of its powerful administrative tools.
Capability Tags
crypto · requires-wallet · can-make-purchases · requires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description claim a local, SQLite+FTS5 memory system with optional vector/cloud sync. The included scripts and docs (search, memory, health_check, sync_ima, sync_samba, vector_store, etc.) are consistent with that purpose. One mismatch: the registry metadata/skill header said 'instruction-only / no install spec' yet the skill bundle contains a large codebase (166 files) — not dangerous by itself but worth noting because the runtime surface is much larger than a one-file helper.
Instruction Scope
SKILL.md instructs running local scripts (init, search, health_check, api_server). Those instructions stay within the memory system domain. However bootstrap/quickstart and ADVANCED docs instruct storing cloud credentials under ~/.config/ima and saving secrets in ~/.openclaw/credentials/secrets.env; scripts and the dashboard expect to read/write files under ~/.openclaw and to import/execute many local scripts. Several scripts (api_server, auto_updater, safe_extension_loader, shell_embed, sync_ima/sync_samba, self_improver) suggest behavior that can reach outside the immediate scope (network calls, loading extensions, executing updates) — the docs describe these behaviors but they expand the agent's runtime capabilities beyond simple local search.
Install Mechanism
There is no formal install spec (it is distributed as code in the skill folder), which means files will be present and executed by scripts. Of particular concern: auto_updater.py / auto_updater-like scripts, safe_extension_loader.py and vector_extension_manager.py (which mention loading .so/native extensions), and any self-improvement/autoupdater components — these can fetch or load code at runtime and enable remote code execution if configured. No evidence in the manifest of downloads from arbitrary URLs is shown, but the presence of update/extension loaders increases risk and warrants code inspection and disabling auto-update/extension loading until verified.
Credentials
The skill declares no required environment variables and the optional credentials (LLM API key, embedding API key, IMA credentials) are appropriate and expected for optional vector/LLM or cloud-sync features. The paths it accesses (~/.openclaw/*, ~/.config/ima/) match the described behavior. There are no surprising requests for unrelated cloud credentials or system admin secrets.
Persistence & Privilege
always:false (no forced always-on). The skill includes background/automation scripts (health_check cron-like tasks, auto_fixer, auto_updater, self_improver) that can run periodically or on demand. Autonomous invocation is allowed by default (normal), but combined with auto-update/self-improve/extension loading it increases the blast radius if those mechanisms are misused. The skill does not appear to modify other skills' configs, but it does write/read under the user's ~/.openclaw workspace and may persist config/credentials per its docs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install yaoyao-memory-v2
  3. After installation, invoke the skill by name or use /yaoyao-memory-v2
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v4.0.1
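Hermes Bridge integration and engine/module refactor:
- Integrated Hermes Bridge, with support for API error classification, smart routing, data masking, rate limiting, and similar features.
- Added Hermes adapter scripts and an API endpoint (`/api/hermes_status`) for managing and monitoring Hermes capabilities.
- Refactored the core engine, adding `engine/` (analytics, backup, capture, recall, sync), `storage/`, and other modules to improve modularity and maintainability.
- Added and split out search and storage engine code, improving full-text and structured search.
- Updated several configuration options and feature flags to support more flexible, customized deployment.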
v4.0.0
yaoyao-memory-v2 4.0.0 — Major architecture and feature upgrade
- Refactored to a clear six-layer architecture with enhanced modularization.
- Added multiple new core modules: conversation manager, batch operations, tag manager, hardware detector, predictive maintenance, memory WAL support, and more.
- Introduced new configuration and monitoring files for feature flags and system thresholds.
- Expanded CLI tools for quick search, optimized memory, performance monitoring, and maintenance workflows.
- Improved documentation with new guides: ARCHITECTURE.md, SECURITY.md, MAINTENANCE.md, and RESEARCH.md.
- Deprecated unused configs and streamlined legacy code.
v3.9.28
- Security notes updated in SECURITY_NOTES.md to improve or clarify security information.
- No changes to feature set or functionality.
v3.9.27
- Updated the publish.sh script.
- No changes to skill functionality or documentation content.
v3.9.26
Version 3.9.26
- Added scripts/virustotal_scan.py, for virus-scanning functionality or documentation support.
v3.9.25
- SECURITY_NOTES.md and VIRUS_SCAN_NOTES.md have been updated.
- No changes to user-facing features or core functionality.
v3.9.24
yaoyao-memory-v2 3.9.24
- Simplified and reorganized documentation for clarity and brevity in SKILL.md.
- Provided clearer installation and configuration guides for first-time users.
- Streamlined permissions and feature descriptions.
- Added direct references to security and virus scan notes.
v3.9.23
- Added VIRUS_SCAN_NOTES.md, which documents virus-scan-related matters.
- Other features and descriptions are unchanged.
v3.9.22
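- Added governance.py, with code for the governance layer (L5).
- Updated install_modules.py to support installing the governance-layer module.
- The six-layer architecture is more complete and now includes an explicit governance-layer implementation.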
v3.9.21
Version 3.9.21
- No file changes detected since the previous version (3.9.5).
- No user-facing changes, feature updates, or fixes in this release.
v3.9.20
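- Added the scripts/install_modules.py script to support module installation.
- Updated the implementation or logic of scripts/governance.py.
- Improved modularity support, making on-demand extension easier.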
v3.9.19
- Updated scripts/config_manager.py to improve configuration-management logic.
- Other modules and documentation are unchanged.
v3.9.18
- Improved api_server.py and config_manager.py with minor updates.
- No changes to user-facing features or documentation in this version.
v3.9.17
Version 3.9.17 of yaoyao-memory-v2
- Updated scripts/shell_embed.py (details of changes not specified).
- No changes to documentation or feature list in SKILL.md.
- Bug fixes or internal improvements may be included but are not detailed.
v3.9.16
- Security documentation updated in SECURITY_NOTES.md.
- No changes to features or code in this release.
v3.9.15
Version 3.9.15 of yaoyao-memory-v2
- No file changes detected for this release.
- Skill features and documentation remain the same as version 3.9.5.
- No new functionality, fixes, or improvements included in this version.
- Users can expect behavior and features to be identical to the previous release.
v3.9.14
yaoyao-memory-v2 3.9.14
- Updated onboarding prompt for first use with more concise instructions.
- Minor improvements to SKILL.md for clarity and user guidance.
- No functional or architectural changes in this version.
v3.9.13
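yaoyao-memory-v2 3.9.13
- Improved the first-use onboarding text: after installation, the configuration flow can be triggered directly with “开始使用” ("Get started").
- Documentation wording is more concise and friendly, improving the newcomer experience.
- Documentation/description updates only; no changes to core functionality.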
v3.9.12
yaoyao-memory-v2 v3.9.12
- Updated migrate.py (details of the change not specified)
- No changes to user-facing documentation or features
v3.9.11
yaoyao-memory-v2 3.9.11 changelog
- Updated the install_modules.py script.
- Other documentation and features are unchanged.
Metadata
Slug: yaoyao-memory-v2
Version: 4.0.1
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 31
Frequently Asked Questions

What is Yaoyao Memory Homo?

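Six-layer memory system - lets AI keep context across sessions, accumulate knowledge, and keep evolving. [Local storage] SQLite database. [Full-text search] FTS5 search engine. [Modular] Core plus optional modules, installed on demand. It is an AI Agent Skill for Claude Code / OpenClaw, with 342 downloads so far.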

How do I install Yaoyao Memory Homo?

Run "/install yaoyao-memory-v2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Yaoyao Memory Homo free?

Yes, Yaoyao Memory Homo is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Yaoyao Memory Homo support?

Yaoyao Memory Homo is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Yaoyao Memory Homo?

It is built and maintained by taobaoaz (@taobaoaz); the current version is v4.0.1.
