← Back to Skills Marketplace

memory-system

Name: memory-system
Author: damiencronw

by damienCronw · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

335

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install openclow-memory

Description

OpenClaw 长期记忆管理系统。提供结构化记忆、向量记忆、语义搜索功能。Use when: 用户需要 AI 记住长期上下文、偏好、决策，或需要从记忆中进行语义搜索。

Usage Guidance

This skill mostly does what it says (archives local markdown memories into Postgres and performs vector/semantic search), but there are several red flags you should address before installing or running it on sensitive data: - The scripts assume psql and curl are available and a local embedding service at http://localhost:11434; those requirements are not declared. Ensure you understand and control those services. - The code hardcodes the DB username ('damien') and ports; it lacks environment-variable configuration. Prefer changing the scripts to accept DB credentials via secure env vars or a config file before use. - The archiver reads ~/.openclaw/workspace/memory and will import file contents into a database. Only run it if you trust the source and the destination DB. If the local embedding service proxies requests externally, your data could be sent outside your machine. - The import uses naive string interpolation to build SQL passed to psql; this is brittle and could lead to SQL quoting issues or injection-like problems for unusual content. Use parameterized inserts or a DB client library instead. If the author can (a) declare required binaries/env vars, (b) make DB and embedding endpoints configurable through env vars, and (c) fix SQL parameterization, the skill would be much safer. Until then, run it in a controlled/non-sensitive environment and review/modify the scripts yourself.

Capability Analysis

Type: OpenClaw Skill Name: openclow-memory Version: 1.0.0 The skill bundle contains significant security vulnerabilities, specifically SQL and shell injection risks in `scripts/memory_manager.py` and `scripts/memory_search.py`. These scripts construct command-line strings for `psql` using f-strings and unsanitized file content or user input, which could be exploited if the agent processes untrusted data. While the behavior aligns with the stated purpose of local memory management and no evidence of intentional exfiltration or remote backdoors was found, the poor security practices and hardcoded local environment details (user 'damien') warrant a suspicious classification.

Capability Assessment

⚠ Purpose & Capability

The declared purpose (structured + vector memory with Postgres/pgvector and local embeddings) is coherent with the code. However the skill listing declared no required binaries or env vars, while the scripts assume psql, curl, and a local embedding service on localhost:11434 and use a hardcoded DB user 'damien' and ports 5432/5433. The lack of declared requirements/configuration is a mismatch and reduces transparency.

ℹ Instruction Scope

Instructions and scripts explicitly read local files under ~/.openclaw/workspace/memory and insert/archive them into local Postgres — this is within the stated purpose. The vector search posts queries to a hardcoded local embedding API (http://localhost:11434/api/embeddings). There is no evidence of external network exfiltration beyond the local embedding call, but if that local service proxies externally it could leak content.

✓ Install Mechanism

No install spec (instruction + small scripts) — lowest-risk install mechanism. Nothing is downloaded or extracted by the skill itself.

⚠ Credentials

No required env vars or credentials were declared in metadata, yet the code hardcodes database access (user 'damien', ports 5432/5433) and assumes presence of psql and curl. This is disproportionate: either required env/binaries should be declared or credentials/parameters should be configurable (env vars or config file). Hardcoded credentials reduce safety and transparency.

✓ Persistence & Privilege

always:false and the skill does not request system-wide persistence or modify other skills. It runs local file I/O and subprocesses but does not request elevated or persistent platform privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install openclow-memory
After installation, invoke the skill by name or use /openclow-memory
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

OpenClaw 长期记忆管理系统首次发布，支持多种结构化和向量记忆功能。 - 支持结构化记忆（PostgreSQL）：目标、决策、状态、偏好、参考 - 向量记忆（pgvector）：支持中文 embedding、语义搜索及相似度匹配 - 自动归档：本地文件保留 7 天，定期自动导入数据库 - 多数据库支持，明确定义表结构及端口用法 - 附带归档脚本与检索工具，支持快速更新与搜索记忆 - 支持多种记忆配置方式，包括文件夹、数据库与插件

Metadata

Slug openclow-memory

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is memory-system?

OpenClaw 长期记忆管理系统。提供结构化记忆、向量记忆、语义搜索功能。Use when: 用户需要 AI 记住长期上下文、偏好、决策，或需要从记忆中进行语义搜索。 It is an AI Agent Skill for Claude Code / OpenClaw, with 335 downloads so far.

How do I install memory-system?

Run "/install openclow-memory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is memory-system free?

Yes, memory-system is completely free (open-source). You can download, install and use it at no cost.

Which platforms does memory-system support?

memory-system is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created memory-system?

It is built and maintained by damienCronw (@damiencronw); the current version is v1.0.0.

More Skills