← 返回 Skills 市场
228
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install memory-hybrid-stack
功能描述
Use this skill to read/write the hybrid memory stack (Postgres facts, Redis realtime state, Qdrant vector recall) that lives under `infra/memory-stack`. Prov...
安全使用建议
This skill contains small shell helpers that source a workspace .env and then run psql, redis-cli, and curl. Before installing or enabling it:
- Verify the .env file it will source (default infra/memory-stack/.env or the absolute path mentioned in connection-map) and ensure it does not contain secrets you don't want referenced by a skill. The scripts will export PGPASSWORD and may use REDIS_PASSWORD and QDRANT_URL.
- Ask the author/maintainer to update registry metadata to list required env vars (POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB, REDIS_PORT/POSTGRES_PORT/QDRANT settings) so the credential needs are explicit.
- If you run these scripts, keep QDRANT_URL unset or set it explicitly to a localhost URL; otherwise the scripts can make HTTP requests to arbitrary URLs and could send data off-host.
- Confirm the path assumptions (connection-map mentions /home/va/.openclaw/workspace/infra/memory-stack/.env) — change MEMORY_STACK_ENV or MEMORY_STACK_ROOT to a safe path before running to avoid accidental reads of user files.
- Prefer running the scripts in a sandboxed environment and inspect .env contents first. If you cannot validate the .env or the QDRANT_URL, treat this skill as risky and do not enable it for autonomous agent use.
功能分析
Type: OpenClaw Skill
Name: memory-hybrid-stack
Version: 0.1.0
The skill provides a set of shell scripts (facts_sql.sh, state_kv.sh, and qdrant_request.sh) that act as thin, unvalidated wrappers for psql, redis-cli, and curl to manage a local memory stack. While these capabilities are aligned with the stated purpose of providing a hybrid memory layer, the lack of input sanitization allows for arbitrary SQL, Redis command, and HTTP request execution, which are high-risk behaviors susceptible to prompt injection. The scripts also automatically source sensitive credentials from a local .env file located in the infra/memory-stack directory.
能力评估
Purpose & Capability
The name/description (hybrid memory stack for Postgres/Redis/Qdrant) aligns with the included helper scripts and reference docs. However the package metadata declares no required environment variables while the scripts expect and source an .env that contains DB/Redis/Qdrant credentials. There are also small mismatches in documented vs. coded default ports (docs mention Qdrant HTTP=6335, script defaults to 6333).
Instruction Scope
The runtime instructions and scripts source a workspace .env file (default path baked in via references/connection-map.md) and export DB credentials for use by psql/redis-cli/curl. qdrant_request.sh allows overriding QDRANT_URL, which could make HTTP requests to a remote host (not limited to localhost). The scripts accept file inputs (e.g., @/tmp/points.json) and will POST/PUT those payloads; nothing prevents pointing QDRANT_URL at an external endpoint, enabling potential credential or data exfiltration. The SKILL.md and connection-map also mention an absolute workspace path (/home/va/...), which could cause the agent to read user-specific files.
Install Mechanism
No install spec — instruction-only with small helper scripts. This has lower risk than remote installers since nothing is downloaded during installation; the primary risk is what the scripts do at runtime.
Credentials
Registry metadata claims no required env vars, yet scripts rely on POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB, REDIS_PASSWORD (optional), QDRANT_URL/PORT/HOST and an .env file under infra/memory-stack. That omission is a meaningful mismatch: the skill will read sensitive credentials from a workspace .env but the package does not declare or surface that requirement to the user.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent platform-level presence. Autonomous invocation is allowed (platform default) but not itself a new risk here. The skill does not attempt to modify other skills or agent-wide configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install memory-hybrid-stack - 安装完成后,直接呼叫该 Skill 的名称或使用
/memory-hybrid-stack触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release: Postgres/Redis/Qdrant helper scripts and workflow guide
元数据
常见问题
Memory Hybrid Stack 是什么?
Use this skill to read/write the hybrid memory stack (Postgres facts, Redis realtime state, Qdrant vector recall) that lives under `infra/memory-stack`. Prov... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 228 次。
如何安装 Memory Hybrid Stack?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install memory-hybrid-stack」即可一键安装,无需额外配置。
Memory Hybrid Stack 是免费的吗?
是的,Memory Hybrid Stack 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Memory Hybrid Stack 支持哪些平台?
Memory Hybrid Stack 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Memory Hybrid Stack?
由 VegaBai(@vegabai)开发并维护,当前版本 v0.1.0。
推荐 Skills