Unified Memory

Provides a layered, atomic, and performant memory management system with structured recall, vector search, smart deduplication, compression, and lifecycle ma...

This package looks like a full-featured memory system and the codebase largely matches its description, but there are several red flags you should address before installing or running it: - Do not run any remote install command (e.g., curl ... | bash) from this project without auditing the script. Prefer installing from a vetted GitHub release or building locally after review. - SKILL.md triggered prompt-injection patterns. Open SKILL.md and search for lines that attempt to override or instruct the agent/system (phrases like "ignore previous instructions" or "system prompt"). If present, remove or sanitize them before use. - The package contains server, web UI, plugin and cloud integration code. If you run this skill, it may open network ports or load third-party plugins — run it in a sandbox or isolated environment, and audit any code paths that start servers (src/api/, src/webui/, src/v4/http_server.js) or that dynamically load plugins. - Audit scripts that perform filesystem operations and external execs (deploy/verify scripts, any child_process.exec usage). Check for any 'curl | bash', downloads from arbitrary URLs, or hard-coded endpoints. - Confirm the provenance: find the authoritative source (the GitHub repo and its owner) and verify maintainers and release signatures. If origin is unknown or untrusted, do not give this skill access to sensitive environment variables, secrets, or production data. - If you must use it: run static scans, grep for 'exec', 'spawn', 'fetch', 'http', 'net.createServer', 'process.env', and review plugin loader code to ensure plugins cannot escalate privileges. Restrict runtime network access and run with least privilege. If you want, I can: - locate and excerpt the exact SKILL.md lines that matched the prompt-injection patterns, - list the files that appear to start network services and summarize the code paths that could expose data, - or produce a short checklist for a manual code audit covering the highest-risk areas.

Type: OpenClaw Skill Name: unified-memory-minimal Version: 5.2.5 The 'unified-memory-minimal' skill bundle is a comprehensive and well-structured memory management system for AI agents. It implements a multi-layered architecture (L0-L3) for recording conversations, extracting structured facts, inducing scene-based contexts, and maintaining user personas. Key features include hybrid BM25/vector search (via Ollama), knowledge graph extraction (src/graph/graph.js), version control (src/memory_diff.js), and multi-modal support for images and audio (src/core/vision.js, src/core/audio.js). The bundle also includes advanced utilities for token budget management, proactive care, and cross-device synchronization via Git or Cloud providers (S3/WebDAV). All capabilities, including filesystem and network access, are clearly documented in SKILL.md and are strictly aligned with the system's purpose of providing a persistent, searchable, and evolving memory for agents. No evidence of malicious intent, data exfiltration, or unauthorized execution was found.