← 返回 Skills 市场
140
总下载
0
收藏
5
当前安装
1
版本数
在 OpenClaw 中安装
/install memory-enhancer
功能描述
Automatically extracts facts from daily logs to update and maintain structured long-term memory and summaries.
安全使用建议
This skill mostly does what it says (read a daily log and update local memory files), but exercise caution before installing: 1) Confirm what permissions context.sessions_spawn grants on your platform — does the spawned sub-agent have unrestricted filesystem or network access? 2) Ask the author to fix the documentation/code mismatch (SKILL.md says OpenRouter; code spawns 'google/gemini-2.5-flash'). 3) Because the code uses hard-coded absolute paths under /home/bosunjung, either run it in a sandboxed account or modify paths to a dedicated workspace to avoid touching other files. 4) Verify you have backups of MEMORY.md and memory/stats before running, and inspect skill-execution.log after tests. 5) Prefer an explicit allowlist: limit the sub-agent's read/write scope to the specific memory directory and confirm it cannot send data externally (or restrict its network access). If you cannot confirm or constrain the sub-agent's permissions, treat this skill as higher risk and avoid deploying it to sensitive environments.
功能分析
Type: OpenClaw Skill
Name: memory-enhancer
Version: 1.0.0
The skill extracts structured data from daily logs to maintain a long-term memory system, but it uses hardcoded absolute paths to a specific user's home directory (/home/bosunjung/) in index.js, which is a security anti-pattern. Additionally, it spawns a sub-agent to perform file writes based on the content of daily logs, which introduces a risk of indirect prompt injection if the logs contain instructions designed to manipulate the sub-agent's file operations.
能力评估
Purpose & Capability
The skill name and description match what the code does: read yesterday's log and update JSON summaries and MEMORY.md. However, the code hard-codes absolute paths under /home/bosunjung/.openclaw/workspace which is environment-specific, and SKILL.md says the sub-agent uses OpenRouter while index.js actually asks the platform to spawn a sub-agent using 'google/gemini-2.5-flash' — a clear inconsistency between documentation and implementation.
Instruction Scope
SKILL.md and the code instruct a spawned sub-agent to perform merges and write operations on files in memory/stats and append to MEMORY.md. The main skill itself does not perform the merges; it relies on context.sessions_spawn to run a sub-agent with the prompt that directs arbitrary read/write of workspace files. The prompt gives exact filesystem paths but there is no explicit scoping or safeguards in the code limiting what the sub-agent can read/write. This grants the sub-agent broad file-system authority within the workspace and could be abused to modify unrelated files or exfiltrate content if sub-agent tooling has network access.
Install Mechanism
There is no install spec or external download. The skill is provided as code (index.js) and SKILL.md; nothing is pulled from the network at install time. This is lower risk from an installation perspective.
Credentials
The skill requests no environment variables or credentials, which is appropriate for local file processing. However, it hard-codes user-specific absolute paths (/home/bosunjung/.openclaw/workspace...), making it tied to a particular account and increasing the chance of accidental access to unrelated user files if deployed elsewhere. Also SKILL.md indicates using OpenRouter, but the code uses an internal sessions_spawn with Gemini — no API keys are requested, but the mismatch should be clarified.
Persistence & Privilege
The skill is not marked always:true and does not attempt to alter other skills or system-wide agent settings. It writes logs and updates files within its declared workspace area, which is expected for a memory-maintenance tool. The higher-risk element is the autonomous sub-agent invocation (allowed by default) combined with file write instructions; autonomous invocation alone is normal but increases blast radius when paired with file writes.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install memory-enhancer - 安装完成后,直接呼叫该 Skill 的名称或使用
/memory-enhancer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the Memory Enhancer Skill.
- Automatically extracts structured facts from daily memory logs and maintains long-term memory.
- Uses a sub-agent to identify preferences, contacts, habits, and project statuses from logs.
- Updates relevant JSON stat files and appends concise summaries to MEMORY.md.
- Runs daily by default (2:00 AM), with OpenRouter as the analysis backend.
元数据
常见问题
Memory Enhancer 是什么?
Automatically extracts facts from daily logs to update and maintain structured long-term memory and summaries. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 140 次。
如何安装 Memory Enhancer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install memory-enhancer」即可一键安装,无需额外配置。
Memory Enhancer 是免费的吗?
是的,Memory Enhancer 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Memory Enhancer 支持哪些平台?
Memory Enhancer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Memory Enhancer?
由 xpneuma(@xpneuma)开发并维护,当前版本 v1.0.0。
推荐 Skills