Downloads: 267
Stars: 0
Active Installs: 0
Versions: 5
Install in OpenClaw
/install sql-memory
Description
Semantic memory layer for OpenClaw agents. Use when: (1) persisting agent memories with importance scoring, (2) hierarchical memory rollups (daily→weekly→mon...
Usage Guidance
This skill implements a SQL-backed memory/queue and legitimately needs SQL credentials, but the package metadata fails to declare them and the docs include example cloud host/database names (including a third-party-looking host). Before installing:
1) Confirm you will provide your own SQL endpoints and credentials; never reuse the sample cloud host/database shown in the docs.
2) Inspect sql_memory.py and setup_schema.py for any hardcoded endpoints or credentials (search for hostname, ip, db_).
3) Install and inspect the required sql-connector dependency to see how credentials are read and stored.
4) Run the skill in an isolated environment and point it at a test database you control.
5) Consider network/DB access controls and encryption (use least privilege DB user, TLS, and audit logs).
If you can share the full sql_memory.py (or confirm no hardcoded remote credentials/endpoints), I can re-evaluate and raise confidence.
Capability Analysis
Type: OpenClaw Skill
Name: sql-memory
Version: 2.2.0
The skill bundle provides a comprehensive semantic memory layer for agents, but it contains a significant SQL injection vulnerability in the 'execute' method within 'sql_memory.py'. The docstring explicitly admits that this legacy passthrough bypasses parameterization, creating a high-risk surface for database exploitation. Additionally, the code and documentation contain hardcoded internal IP addresses (10.0.0.110) and specific third-party database hostnames (sql5112.site4now.net) as defaults, which is a poor security practice even if not inherently malicious.
Capability Assessment
Purpose & Capability
The skill's name/description (semantic SQL memory, queue, logs, rollups) aligns with the included code (sql_memory.py, setup_schema.py). However the registry metadata declares no required env vars or primary credential while the SKILL.md/README/GETTING_STARTED explicitly require SQL connection secrets (SQL_* env vars). That omission in the declared requirements is an incoherence: the skill will need DB credentials at runtime even though none are advertised.
Instruction Scope
Runtime instructions are within the stated purpose (create schema, remember/recall/search, queue tasks, log events). But the docs repeatedly show/encourage a specific cloud backend (SQL_CLOUD_SERVER=sql5112.site4now.net, SQL_CLOUD_DATABASE=db_99ba1f_memory4oblio) — sample values that point to an external instance — and setup/install steps assume users will provide .env credentials. The SKILL.md also instructs running setup_schema.py which connects to whatever profile is configured. There is no instruction-level warning that a misconfigured profile could point to a third-party DB; that raises risk of accidental data transfer.
Install Mechanism
No install spec (instruction-only) and the package is bundled in the skill archive (python files and scripts). There are no remote download URLs or extract/install steps that fetch arbitrary binaries, so installation risk is low. The skill does depend on the external 'sql-connector' skill which itself will need to be installed.
Credentials
The registry lists no required environment variables, but documentation and setup script require SQL credentials (SQL_LOCAL_*/SQL_CLOUD_* including passwords). Requiring database credentials is appropriate for a DB-backed memory skill, but failing to declare them in the registry is a mismatch that hides sensitive requirements from users. Also the docs include example host/database names (a third-party host and specific database name) which could lead users to accidentally connect to or leak data into someone else's instance if they copy examples.
Persistence & Privilege
The skill is not marked 'always: true' and is user-invocable (normal). It does not request to modify other skills or system-wide settings. It does add persistent state to an external SQL database (expected for its purpose) — ensure DB access is scoped and audited.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sql-memory
- After installation, invoke the skill by name or use /sql-memory
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.2.0
GETTING_STARTED.md (512 lines) and SKILL_REFERENCE.md (936 lines) added. Dependency chain documented (sql-connector required). Publish workflow added. Dead DB reference corrected. README DEPENDENCY_PRIORITY section added.
v2.1.0
Housekeeping: removed infrastructure copies and unrelated tests. Branches main+development now in sync. Skill now contains only: sql_memory.py, setup_schema.py, knowledge-base docs.
v2.1.0-alpha
Public alpha: rewrote README with full API reference, schema setup guide, setup_schema.py auto-installer, alpha warning, community invite.
v2.0.1
v2.0.1: pymssql transport, logged_at fix, todo CRUD, model_hint, UTC everywhere
v2.0.0
v2.0: pymssql transport, logged_at fix, todo CRUD, model_hint, UTC everywhere
Frequently Asked Questions
What is SQL Memory?
Semantic memory layer for OpenClaw agents. Use when: (1) persisting agent memories with importance scoring, (2) hierarchical memory rollups (daily→weekly→mon... It is an AI Agent Skill for Claude Code / OpenClaw, with 267 downloads so far.
How do I install SQL Memory?
Run "/install sql-memory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SQL Memory free?
Yes, SQL Memory is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does SQL Memory support?
SQL Memory is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created SQL Memory?
It is built and maintained by Oblio (@oblio-falootin); the current version is v2.2.0.