← Back to Skills Marketplace
69
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install llm-memory-publish
Description
LLM Memory Integration - 接口层 + 自动化钩子。安装后自动从 CNB 仓库拉取私有增强包。
README (SKILL.md)
LLM Memory Integration
⚠️ 重要安全声明
本包包含生命周期钩子,会在安装时自动执行网络操作:
| 钩子 | 触发时机 | 行为 |
|---|---|---|
postinstall.py |
安装完成后 | 从 cnb.cool 克隆私有包 |
onStartup.py |
Gateway 启动时 | 检查私有包更新 |
请知悉:
- ✅ 钩子会执行
git clone命令(subprocess 调用) - ✅ 钩子会访问
https://cnb.cool/llm-memory-integrat/llm - ✅ 钩子会写入
~/.openclaw/workspace/skills/llm-memory-integration/src/privileged/
架构说明
本包采用"公开包 + 私有包"架构:
| 组件 | 内容 | 风险等级 |
|---|---|---|
| 公开包(本包) | 接口定义 + FTS 回退实现 | 🟢 低风险 |
| 私有包(CNB) | 高性能实现 + 原生扩展 + API 集成 | 🟡 中风险 |
私有包来源:https://cnb.cool/llm-memory-integrat/llm
自动化安装
安装本技能后,系统会自动执行:
- postinstall 钩子:从 CNB 克隆私有包到
src/privileged/ - onStartup 钩子:检查私有包状态和更新
如需禁用自动安装:
# 安装时跳过钩子
clawhub install llm-memory-integration --no-hooks
手动安装私有包
如果自动安装失败,可手动执行:
git clone https://cnb.cool/llm-memory-integrat/llm.git \
~/.openclaw/workspace/skills/llm-memory-integration/src/privileged
权限声明
| 权限 | 用途 |
|---|---|
git 二进制 |
克隆私有包 |
网络访问 cnb.cool |
下载私有包 |
写入 src/privileged/ |
安装私有包 |
读写 ~/.openclaw/memory-tdai/ |
记忆数据库 |
公开包功能(无私有包时)
- ✅ FTS 全文搜索(SQLite FTS5)
- ✅ 记忆 CRUD 操作
- ✅ 接口定义
私有包功能(安装后)
- 🚀 向量搜索(sqlite-vec)
- 🚀 LLM/Embedding API 集成
- 🚀 原生扩展加速
- 🚀 GPU 加速
架构支持
- ✅ x64 (x86_64)
- ✅ ARM64 (aarch64)
版本: 8.0.1
许可: MIT-0
作者: xkzs2007
更新日志
v8.0.1
- 🔒 修复元数据一致性:正确声明 hooks 的网络访问和 subprocess 调用
- 📝 更新安全声明,明确告知用户钩子行为
v8.0.0
- 🎯 新增生命周期钩子:安装后自动拉取私有包
- 🎯 新增 onStartup 钩子:启动时自动检查更新
- 🔄 重构为"公开包 + 私有包"架构
Usage Guidance
This skill will automatically clone code from an external domain (cnb.cool) into ~/.openclaw/workspace/skills/llm-memory-integration/src/privileged when installed (postinstall hook) and will check that clone on gateway startup. If you consider installing:
- Only install if you trust the cnb.cool host and the package owner. The clone places third-party code inside your agent workspace and that code may include native extensions or arbitrary scripts.
- If you are unsure, install with hooks disabled (clawhub install llm-memory-integration --no-hooks) and manually inspect the remote repository before placing it in src/privileged.
- Prefer to run the skill in an isolated environment (container/VM) so any native extensions or system-level optimizations cannot affect your host.
- Review the contents of the cloned repository before importing or executing it. Look specifically for native extension builds, scripts run at import time, or code that accesses system-level interfaces or credentials.
- If you need higher assurance, ask the author for a signed release (or a release hosted on a well-known vendor site) or request that the private functionality be delivered via an audited package/OCI image rather than a direct git clone from an unknown host.
I rate this suspicious rather than malicious because the behavior is coherent with the stated purpose, but automatic fetching from an unvetted external host and contradictory claims about 'no code execution' are red flags that deserve manual review before installation.
Capability Analysis
Type: OpenClaw Skill
Name: llm-memory-publish
Version: 8.0.2
The skill bundle acts as a 'loader' or 'dropper' that uses lifecycle hooks (hooks/postinstall.py and hooks/onStartup.py) to download and monitor external code from a remote Git repository (https://cnb.cool/llm-memory-integrat/llm.git). While the 'Public + Private' architecture is transparently documented in SKILL.md and docs/ARCHITECTURE.md, the practice of fetching and executing unverified remote payloads during installation and startup is a high-risk pattern that bypasses static analysis of the primary bundle. The provided code is mostly a shell; the actual high-performance logic referenced in tests/test_all.py is fetched at runtime, creating a significant supply-chain risk.
Capability Assessment
Purpose & Capability
Name/description, required binaries (python3, git, sqlite3), required config paths and declared network endpoint all match the stated design: a public interface that auto-fetches a private 'privileged' package providing vector/GPU/native functionality. However documentation pockets claim the '公开包' has 'no code execution' while the package includes lifecycle hooks that run subprocesses (git clone) — this contradiction should be resolved by the author.
Instruction Scope
SKILL.md and the hooks explicitly instruct the agent to run subprocess git clone against https://cnb.cool/llm-memory-integrat/llm.git and write into ~/.openclaw/workspace/skills/.../src/privileged. Hooks auto-run postinstall (by default) and on startup checks the repo. The behavior is scoped to installing/maintaining the private package, but cloning and placing external code inside the agent's workspace expands runtime scope — the hooks will create files from an external source that could later be imported/executed. The instructions are explicit and offer a '--no-hooks' option, which mitigates but does not eliminate risk.
Install Mechanism
No packaged install was provided; instead lifecycle hooks perform a git clone from a single external host (cnb.cool). The host is not a widely-known release host (e.g., GitHub/GitLab releases) and is fetched via subprocess at install time. While the clone itself is not an archive-extract, it results in arbitrary code being written to disk. The private repo may include native extensions or arbitrary scripts (the docs say it can), increasing risk.
Credentials
The skill requests no secrets or cloud credentials and only asks for read/write access to its own memory directory and write access to its own privileged directory as well as network access to the declared host — these are proportionate to the stated goal of fetching a private implementation. No unrelated environment variables or credentials are requested.
Persistence & Privilege
always:false (good). The skill installs lifecycle hooks that run automatically on postinstall and execute on gateway startup (onStartup). Hooks do not modify other skills or system config, but they do write into the skill workspace and can persist the cloned private code across runs. Automatic hooks increase blast radius if the remote repo is malicious or compromised.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install llm-memory-publish - After installation, invoke the skill by name or use
/llm-memory-publish - Provide required inputs per the skill's parameter spec and get structured output
Version History
v8.0.2
test
Metadata
Frequently Asked Questions
What is Llm Memory Publish?
LLM Memory Integration - 接口层 + 自动化钩子。安装后自动从 CNB 仓库拉取私有增强包。 It is an AI Agent Skill for Claude Code / OpenClaw, with 69 downloads so far.
How do I install Llm Memory Publish?
Run "/install llm-memory-publish" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Llm Memory Publish free?
Yes, Llm Memory Publish is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Llm Memory Publish support?
Llm Memory Publish is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Llm Memory Publish?
It is built and maintained by xkzs2007 (@xkzs2007); the current version is v8.0.2.
More Skills