← 返回 Skills 市场

Local Memory Search

Name: Local Memory Search
Author: dagangtj

作者 dagangtj · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

550

总下载

当前安装

版本数

在 OpenClaw 中安装

/install local-memory-search

功能描述

Performs fast local semantic search on OpenClaw memory files using TF-IDF without external dependencies or APIs.

使用说明 (SKILL.md)

Local Memory Search

Lightweight semantic search for OpenClaw memory files. No external API needed.

Usage

python3 search.py "your query"

Build index:

python3 search.py --build

Features

Searches MEMORY.md and memory/*.md
TF-IDF based semantic matching
Zero external dependencies
Fast local execution
Returns top snippets with file path and line numbers

How It Works

Builds inverted index of all memory files
Uses TF-IDF scoring for relevance
Returns ranked results with context

Requirements

Python 3.8+
No pip packages needed (uses stdlib only)

安全使用建议

This skill will read all OpenClaw memory files under ~/.openclaw and write an index at ~/.openclaw/memory_index.json — that's expected for a local search tool. However: (1) the README claims TF‑IDF and 'no external dependencies', but the script uses embeddings and calls an external embedding provider (runs the 'ollama' CLI or posts to http://localhost:11434). (2) Before running, verify whether you have or will install 'ollama' and how that service is configured (it might forward data elsewhere). If you want a pure TF‑IDF implementation that never calls external binaries or services, review or modify the code to replace get_embedding with a local TF‑IDF calculator. If you proceed, avoid running it on machine memory containing highly sensitive data until you confirm the embedding provider is local and trustworthy.

功能分析

Type: OpenClaw Skill Name: local-memory-search Version: 1.0.0 The skill is classified as suspicious due to a potential Remote Code Execution (RCE) vulnerability in `search.py`. The script uses `subprocess.run(['ollama', 'embed', EMBEDDING_MODEL, text])` to execute an external command, passing user-controlled input (`text` derived from file content or query) directly as an argument. While `subprocess.run` with a list is generally safer, it still presents a command injection risk if the `ollama` CLI tool itself has argument parsing vulnerabilities. There is no evidence of intentional malicious behavior like data exfiltration to external endpoints or backdoor installation; the network calls are limited to `localhost` for the Ollama service.

能力评估

⚠ Purpose & Capability

The stated purpose (local semantic search over OpenClaw memory files) matches what the script does (reads ~/.openclaw/workspace and returns ranked snippets). However SKILL.md claims TF‑IDF based matching and 'zero external dependencies', while search.py actually asks for embeddings and computes cosine similarity. That is an incoherence: the code requires an embedding provider (ollama CLI or a local HTTP API) which is not documented in SKILL.md.

⚠ Instruction Scope

The instructions tell you to run search.py and build an index; the code will: read all files under ~/.openclaw/workspace (MEMORY.md, memory/*.md, knowledge/**/*.md), create/writeto ~/.openclaw/memory_index.json, call an external 'ollama' CLI via subprocess or fall back to an HTTP POST to http://localhost:11434/api/embed to obtain embeddings, then compute cosine similarities. That means your local memory content will be passed to an external binary or to a local HTTP service. The SKILL.md omission of this behavior is problematic.

ℹ Install Mechanism

There is no install specification (lowest risk), but the script relies on an external binary/service ('ollama') or a local embedding HTTP endpoint. SKILL.md states 'No external API needed' and 'Zero external dependencies' which is inaccurate given the code's runtime dependency on an embedding provider.

ℹ Credentials

The skill requests no environment variables or credentials. It only reads/writes files under the user's home (~/.openclaw). That file access is proportional to a local memory search tool, but you should note it will transmit memory text to the embedding provider (ollama or localhost API), which could expose sensitive content depending on how that provider is configured.

✓ Persistence & Privilege

always is false and the skill does not request system-level privileges. It writes an index file at ~/.openclaw/memory_index.json and does not modify other skills or global agent config. No persistent agent-wide privilege escalation is requested.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install local-memory-search
安装完成后，直接呼叫该 Skill 的名称或使用 /local-memory-search 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of local-memory-search. - Provides fast, local semantic search across OpenClaw memory files. - Uses TF-IDF matching with zero external dependencies. - Searches MEMORY.md and memory/*.md files, returning top relevant snippets with file paths and line numbers. - Supports Python 3.8+ and runs with standard library only.

元数据

Slug local-memory-search

版本 1.0.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 1

常见问题