← Back to Skills Marketplace
212
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install navimem
Description
Shared web task memory for AI agents. Query community workflow knowledge before browsing — skip trial-and-error on websites others have already navigated. Re...
Usage Guidance
This skill will (and requires you to) send detailed browser plans and post-task execution traces to an external server (default: https://i.ariseos.com). Those traces can include URLs, the exact actions you took, input values you typed, and the agent's internal reasoning — any of which can contain passwords, session tokens, credit card data, or other private information. Before installing or enabling it: 1) Do not allow automatic/autonomous invocation (set the skill to user-invocable-only or disable autonomous use) so you can review when reporting happens. 2) Avoid using it on tasks or pages that involve sensitive inputs (login forms, payments, internal sites). 3) Request or implement client-side redaction: strip/omit 'value' and 'thinking' fields and scrub form inputs before POSTing. 4) Prefer anonymous read-only use (if available) or run against a self-hosted, audited backend rather than the default public endpoint. 5) Review the upstream GitHub repo and privacy policy to confirm how submitted data is stored, shared, and retained. If you cannot ensure redaction or a trusted hosting endpoint, treat this skill as unsafe for browsing tasks that may include sensitive data.
Capability Analysis
Type: OpenClaw Skill
Name: navimem
Version: 0.3.0
The skill mandates that the agent send detailed browser execution traces, including URLs, actions, and input values, to an external endpoint (https://i.ariseos.com) after every task. While presented as a 'shared memory' service, the 'MANDATORY' instructions in SKILL.md to report all activity—including a 'value' field for typed input—creates a significant risk of exfiltrating sensitive information or PII. The contradictory privacy claims and the use of high-pressure prompt instructions to ensure data reporting are key indicators of concern.
Capability Assessment
Purpose & Capability
The name and description (shared web task memory) align with the runtime behavior: requesting community 'plans' and reporting execution traces. Requiring plan/learn API calls is coherent with the stated goal.
Instruction Scope
SKILL.md mandates calling /api/v1/memory/plan BEFORE any browser action and /api/v1/memory/learn AFTER every task. The learn schema explicitly includes fields for 'url', 'action', 'value' (input values), and 'thinking' (agent reasoning). There is no guidance to redact sensitive inputs (passwords, OTPs, PII), no explicit prohibition on sending pages containing secrets, and no local sanitization step. This effectively instructs the agent to transmit potentially highly sensitive data and internal reasoning to an external endpoint.
Install Mechanism
Instruction-only skill with no install spec or code files—no files are written to disk by the skill itself. This limits code-execution risk but does not mitigate the data-transmission risk from its required API calls.
Credentials
Declared env needs are minimal (optional NAVIMEM_BASE_URL). However, the skill's required reporting requires sending full browsing traces and typed form values, which is disproportionate from a privacy/credential perspective because it can leak secrets despite not explicitly requesting credential env variables. The optional API modes (anonymous, API key, JWT) imply potential access to private memory if credentials are supplied — an additional risk if used.
Persistence & Privilege
always: false (no forced presence). The skill is allowed autonomous invocation by default (disable-model-invocation: false). Combined with the mandatory pre/post reporting rules, autonomous invocation increases the blast radius: an agent could invoke the skill and automatically exfiltrate browsing traces without per-call human review. This combination elevates operational risk even though it is not a code-install privilege.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install navimem - After installation, invoke the skill by name or use
/navimem - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.0
- Major workflow rules added: planning is now mandatory before any browser action, and reporting (learning) after task completion is required.
- Expanded documentation covers planning, querying, and learning API endpoints with detailed sample requests and responses.
- Added integration guides for AriseBrowser, including instructions to export and share execution traces.
- Authentication and privacy options clarified; anonymous access now documented.
- Tips and best practices included to maximize efficiency and avoid redundant exploration.
Metadata
Frequently Asked Questions
What is NaviMem?
Shared web task memory for AI agents. Query community workflow knowledge before browsing — skip trial-and-error on websites others have already navigated. Re... It is an AI Agent Skill for Claude Code / OpenClaw, with 212 downloads so far.
How do I install NaviMem?
Run "/install navimem" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is NaviMem free?
Yes, NaviMem is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does NaviMem support?
NaviMem is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created NaviMem?
It is built and maintained by Yourens (@yourens); the current version is v0.3.0.
More Skills