← 返回 Skills 市场

infinite memory locall rag system for

Name: infinite memory locall rag system for
Author: mhndayesh

作者 mhndayesh · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

540

总下载

当前安装

版本数

在 OpenClaw 中安装

/install infinite-memory-v2

功能描述

High-precision memory with 100% recall accuracy for long contexts.

使用说明 (SKILL.md)

\r \r

Infinite Memory 🦞\r

\r High-precision RAG engine for deep context retrieval (Phase 16 Architecture).\r \r

Tools\r

recall_facts\r

Cmd: python scripts/recall.py "{{query}}"\r
Goal: Search for facts in the historical database.\r \r

memorize_data\r

Cmd: python scripts/ingest.py "{{filename}}" "{{text}}"\r
Goal: Store new data into the long-term memory.\r

安全使用建议

What to consider before installing: - Do not run this unmodified on a network-exposed machine. The sidecar's uvicorn server is configured to bind 0.0.0.0, making the unauthenticated /ingest and /search endpoints reachable from the network. Change the host to 127.0.0.1 or add authentication/firewall rules before running. - The service accepts arbitrary text for ingestion and persists it to ./memory_db. Avoid ingesting secrets or sensitive data, or add encryption/access controls to the DB. - The AUTO_INTEGRATION.md explicitly tells you to change your agent system prompt so the agent always queries and treats recall_facts as absolute truth. That can cause the agent to uncritically return stored content (including secrets) and propagate errors — think twice before making memory 'authoritative'. - Verify the skill's source repository and release integrity; INSTALL.md points at a GitHub path but the registry lists no source. Confirm the upstream project and check commit history. - Fix minor packaging issues (requirements.txt contains 'axios' which is irrelevant for Python) and review the full engine file for any hidden network calls (the provided engine file was truncated in the manifest preview). - If you intend to use this, sandbox it (container/VM) and restrict network access. Add authentication (API key, local-only socket, or mTLS) to the sidecar endpoints, or bind to localhost-only. Review and test behavior for ingestion, recall, and deletion of stored data. If you want, I can: (1) point out the exact lines that bind to 0.0.0.0 and the endpoints to change, (2) produce a minimal patch to force localhost binding and require a simple API key, or (3) review the remainder of the engine file for external network calls if you provide the truncated part.

功能分析

Type: OpenClaw Skill Name: infinite-memory-v2 Version: 1.0.0 The skill bundle is classified as suspicious primarily due to a critical shell injection vulnerability in the `SKILL.md` file. The `Cmd` definitions for `recall_facts` and `memorize_data` directly embed user-controlled input (`{{query}}`, `{{filename}}`, `{{text}}`) into shell commands (`python scripts/recall.py "{{query}}"`) without apparent sanitization. If the OpenClaw agent does not sanitize these inputs before execution, an attacker could inject arbitrary shell commands. Additionally, the `memory_service.py` binds its FastAPI service to `0.0.0.0`, making it network-accessible and increasing its attack surface, though this is not inherently malicious. There is no clear evidence of intentional data exfiltration, persistence, or other malicious activities.

能力评估

ℹ Purpose & Capability

The code and scripts implement a local RAG/memory sidecar (ChromaDB + local LM Studio) which aligns with the skill name/description. Requiring python and curl is reasonable. Minor mismatch: requirements.txt lists 'axios' (a JS package) which is irrelevant for a Python-only install and looks like sloppy packaging. INSTALL.md references a GitHub URL but the skill registry lists 'Source: unknown' — the suggested external install source should be verified.

⚠ Instruction Scope

SKILL.md and the included scripts only call the local sidecar, which is expected, but references/AUTO_INTEGRATION.md instructs modifying agent core prompts to 'MUST proactively use recall_facts' and to 'treat the output of recall_facts as absolute ground truth (Direct-Return Bypass)'. That is scope-creep: it directs changes to other agent files and encourages the agent to unconditionally trust memory outputs (including 'secret codes' example), which increases risk of inadvertent disclosure or authoritative propagation of incorrect/sensitive data.

ℹ Install Mechanism

There is no automated install spec in the registry; the package contains Python code and instructions to run pip install -r requirements.txt. No immediate high-risk external downloads are embedded in the install spec. However INSTALL.md suggests downloading from a GitHub tree — the registry's source is unknown, so users should verify that URL matches the skill they are installing.

⚠ Credentials

The skill requests no credentials, which on the face is reasonable. However the sidecar runs unauthenticated endpoints (/ingest and /search) and memory_service's uvicorn server is started with host='0.0.0.0' (exposes the API on all network interfaces). That combination (no auth + public binding) is disproportionate for a local memory tool: it allows remote hosts to read/ingest arbitrary data unless the host/network firewall prevents it. The code writes a local persistent DB (./memory_db), so sensitive data could be stored persistently without access controls.

ℹ Persistence & Privilege

The skill does not set always:true and does not autonomously enable itself by default. However INSTALL.md and AUTO_INTEGRATION.md provide explicit steps to make the memory engine 'Auto' by editing agent core identity files, which would increase persistence and autonomous use — the skill makes it easy to escalate its presence if the integrator follows those instructions.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install infinite-memory-v2
安装完成后，直接呼叫该 Skill 的名称或使用 /infinite-memory-v2 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Added "curl" to the required dependencies. - Streamlined and shortened the description for tools and features. - Condensed setup and usage instructions for improved clarity. - Removed detailed agent instructions and database location notes for a more concise overview.

元数据

Slug infinite-memory-v2

版本 1.0.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 1

常见问题