功能描述

Universal LYGO Living Memory Library upgrade. Provides a strict, low-noise memory index (max 20 files), fragile tagging, and audit/compression workflows so Champions can retain continuity and verify integrity via LYGO-MINT. Pure advisor; not a controller.

使用说明 (SKILL.md)

LYGO Universal Living Memory Library (v1.1)

Name: LYGO Universal Living Memory Library (v1.1)
Author: deepseekoracle

What this is

A universal upgrade skill for LYGO systems that defines a minimal, durable memory library:

Max 20 files in the active index (small context footprint)
{FRAGILE} tagging for manual review
An audit workflow (integrity + drift checks)
A compression workflow (pure signal)
Provenance via LYGO‑MINT hashes + anchors

This skill is pure advisor: it does nothing unless invoked.

When to use

Use when you want to:

define what files are “the living core”
run an audit on those files
compress a large archive into a clean Master Archive
mint+anchor a living memory snapshot

How to invoke (copy/paste)

“Run Living Memory Audit (max20 index) and report drift/fragile flags.”
“Compress these logs into Master Archive using Living Memory rules.”
“Mint the Master Archive with LYGO‑MINT and output an Anchor Snippet.”

Core verifier (install)

https://clawhub.ai/DeepSeekOracle/lygo-mint-verifier

References

references/library_spec.md (rules + file roles)
references/core_files_index.json (the Max20 index)
references/audit_protocol.md
references/compression_protocol.md
references/seal_220cupdate_excerpt.md

Scripts

scripts/audit_library.py (runs the audit against the index)
scripts/self_check.py (pack sanity)

安全使用建议

What to check before installing or running: - Review references/core_files_index.json carefully. Ensure none of the paths are absolute or include upward traversal (../) that would let the script read files outside a safe directory. - Do not run audit_library.py with its default settings in a workspace containing secrets. Instead pass --base to explicitly point to a sandboxed folder containing only the files you want audited. - Note that compression and minting are not implemented in this package; the SKILL.md points to an external verifier you must vet separately before installing or running it. - Run scripts/self_check.py first to confirm the bundle is internally consistent. Inspect the produced state/living_memory_audit_report.json after a dry run to see what was read and written. - If you want to be conservative: run the skill only in an isolated environment (container or throwaway workspace) and disable autonomous invocation for this skill until you have audited it fully. - If you lack the skills to audit file path logic, avoid installing an untrusted instruction-only skill that reads the filesystem, or ask someone with developer/security experience to review the index and scripts.

功能分析

Type: OpenClaw Skill Name: lygo-universal-living-memory-library Version: 1.1.0 The skill bundle is primarily documentation and Python scripts for auditing local files. The `audit_library.py` script reads files specified in `references/core_files_index.json` (relative to a configurable base path, defaulting to the workspace root) and writes a local report. It performs no network operations, no malicious execution (e.g., `eval`/`exec` of untrusted input), and no attempts at persistence or data exfiltration. While `SKILL.md` provides high-level instructions for tasks like 'Compress these logs' and 'Mint the Master Archive', the skill bundle itself does not contain executable components for these actions, nor does it instruct the agent to perform any malicious operations. The skill explicitly states it is 'Pure advisor; not a controller', which is consistent with the provided code.

能力评估

ℹ Purpose & Capability

The skill's name/description promise audit, compression, and mint/mint-verification workflows. The distributed package contains audit/self-check/show-hash scripts and protocol docs, but there is no implemented compression or minting/posting logic; instead SKILL.md points to an external 'lygo-mint-verifier' URL. That is a reasonable separation if the verifier is intentionally external, but it is an unexplained gap between claimed capabilities and included code.

⚠ Instruction Scope

SKILL.md instructs running audits/compression/minting. The included audit script performs local filesystem inspection and hashing only (no network). However, audit_library.py defaults --base to Path(__file__).resolve().parents[3] (i.e., a directory *above* the skill root), and it constructs target paths using base / rel without sanitizing rel; if core_files_index.json contains absolute paths or traversal, the script can read files outside the skill bundle. That makes the script able to access arbitrary files accessible to the agent/workspace and then write a JSON report under base/state, which could leak contents if the agent prints or transmits the report. The compression and anchoring steps are only described, not implemented.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no packaged external downloads. That keeps install risk low — nothing is fetched or extracted by the skill itself.

✓ Credentials

The skill declares no required environment variables, no credentials, and no config paths. The code likewise does not reference environment credentials. The SKILL.md's external verifier link may require separate installation/creds, but those are not requested by this skill.

ℹ Persistence & Privilege

always:false and no special persistence is requested. The skill is user-invocable and can be autonomously invoked by agents by default (platform default). Combined with the audit script's ability to read workspace files, autonomous invocation could increase blast radius — consider restricting autonomous use if you are concerned.

版本历史

v1.1.0

Universal max-20 living memory index + fragile tagging + audit/compression workflows + LYGO-MINT provenance

元数据

Slug lygo-universal-living-memory-library

版本 1.1.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 1

常见问题