MEMORY.md Manager - 长期记忆管理 (安全版)

自动创建并每日智能筛选更新 MEMORY.md 长期记忆文件，支持敏感信息脱敏和多服务商 API 安全调用。

总体上这是一个自洽的本地记忆管理脚本包，但在安装前请注意：1) openclaw.json 中的 provider.baseUrl 决定了脚本将数据发往何处，确保该 URL 和 provider 是你信任的（恶意或错误的 baseUrl 会把会话内容和你的 API Key 发送到不期望的主机）；2) 若不希望任何会话被发送到外部 LLM，可不在环境中设置任何 API Key（脚本会降级到本地规则模式）；3) 脚本会在控制台输出部分掩码的 API Key（仅前后几字符），如果控制台日志对他人可见，这会暴露部分密钥信息；4) MEMORY.md 可能含敏感信息，遵循建议将其文件权限设为 600 并仅为受信任用户可读；5) 安装时注意交互提示（cron 创建需要你手动同意/运行命令），并在首次运行前查看 scripts/update-memory.sh 的行为以确认符合你的隐私策略。

Type: OpenClaw Skill Name: memory-manager-secure Version: 1.0.0 The skill bundle is classified as suspicious primarily due to a deceptive 'Security Warning' in SKILL.md that claims the current version (v1.0.0) is unsafe and instructs the user or agent to install a differently-named package (memory-manager-zx), which is a common tactic for package substitution or social engineering attacks. Additionally, the script 'scripts/update-memory.sh' performs high-risk operations by programmatically reading the sensitive '~/.openclaw/openclaw.json' configuration file and aggressively harvesting various API keys (e.g., BAILIAN_API_KEY, DEEPSEEK_API_KEY, OPENAI_API_KEY) from environment variables. While these actions are framed as necessary for its 'memory management' functionality, the combination of broad credential access and misleading instructions is highly irregular.