← 返回 Skills 市场
crftsmnd

Memory-Auditor

作者 crftsmnd · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
84
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install memory-auditor
功能描述
Audits an agent's claims against stored memory to detect fabricated or drifted details and assess memory consistency with token-level analysis.
安全使用建议
Before installing or invoking: (1) Confirm whether you expect the audit to run locally or to be sent to an external hosted service — SKILL.md claims local analysis but documents a remote endpoint and includes worker code. (2) Do not send sensitive or private memory contents to this endpoint unless you trust the operator and their Terms/Privacy, because the skill requires POSTing full 'current_behavior' and 'stored_memory' and demands a payment header. (3) Ask the author/source for clarification about the hard-coded EXA_API_KEY in wrangler.toml and worker.js; request removal of embedded keys or an explanation of their purpose. (4) Verify the service domain (memory-auditor.cvapi.workers.dev) and who controls it; prefer an implementation that truly runs locally if privacy is a concern. (5) If you still want to use it, request a version that performs the analysis locally (no external network calls) or review hosting/ownership/legal terms and ensure the payment mechanism cannot be abused.
功能分析
Type: OpenClaw Skill Name: memory-auditor Version: 1.0.0 The skill bundle implements a memory auditing service as described, but it contains a hardcoded API key (EXA_API_KEY: d6aa75ee-d815-4a48-8262-ac16131e9323) in both worker.js and wrangler.toml. While the code performs local token analysis and does not currently exfiltrate data, the inclusion of hardcoded credentials is a significant security vulnerability and poor practice.
能力标签
cryptocan-make-purchases
能力评估
Purpose & Capability
The description and SKILL.md claim the service performs local token analysis and requires no credentials, but the package includes a Cloudflare Worker implementation and documents a remote endpoint (https://memory-auditor.cvapi.workers.dev/audit). The presence of worker.js and wrangler.toml implies a hosted service rather than a purely local tool — a mismatch between advertised 'local analysis' and a published remote API.
Instruction Scope
SKILL.md instructs callers to POST full 'current_behavior' and 'stored_memory' to an external URL and to include an x402-payment header or ?payment=1. That means user/agent data will be transmitted off-host unless the user's platform replaces the call with local logic — contradicting the SKILL.md line 'No external API calls — runs entirely on local analysis.' There are no instructions that reference unrelated system files or env vars, but the external transmission and payment requirement broaden the operational scope.
Install Mechanism
There is no install spec (instruction-only from the registry perspective), which is low-risk. However the package actually contains worker.js and wrangler.toml for a Cloudflare Worker (code that would run remotely). No downloads or third-party install URLs are present in the package itself.
Credentials
The registry metadata lists no required environment variables, but wrangler.toml sets a [vars] EXA_API_KEY and worker.js falls back to a hard-coded GUID (env.EXA_API_KEY || 'd6aa75ee-...'). A secret/API key is present in the repo, though the key is not used anywhere in the code. This hard-coded credential is unexpected and disproportionate to the stated purpose and may indicate sloppy key handling or leftover secrets.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not ask for system-wide config paths or privileged access. It only exposes an HTTP API contract and a payment header requirement.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install memory-auditor
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /memory-auditor 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release - sh.20/audit
元数据
Slug memory-auditor
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Memory-Auditor 是什么?

Audits an agent's claims against stored memory to detect fabricated or drifted details and assess memory consistency with token-level analysis. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 84 次。

如何安装 Memory-Auditor?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install memory-auditor」即可一键安装,无需额外配置。

Memory-Auditor 是免费的吗?

是的,Memory-Auditor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Memory-Auditor 支持哪些平台?

Memory-Auditor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Memory-Auditor?

由 crftsmnd(@crftsmnd)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论