← 返回 Skills 市场

Memory Plus Sync

Name: Memory Plus Sync
Author: lewistouchtech

作者 Lewis&Eva · GitHub ↗ · v2.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install memory-plus-sync

功能描述

实现飞书、微信、Telegram 等多渠道消息采集与同步，统一存储到官方 SQLite，支持实时监控、告警及自动恢复。

安全使用建议

This skill appears to implement the advertised multi-channel sync and monitoring features, but exercise caution before installing: - Metadata omission: Although the registry claims 'no required env vars / zero-config', the code reads cloud-model API keys (KIMI/QWEN/GLM/DEEPSEEK) and ~/.openclaw/openclaw.json; if you have sensitive API keys in that file or environment, the skill can use them to call external services. Expect external network calls if validator/scorer/reviewer features are enabled. - Network exposure: mcp_server.py exposes HTTP endpoints (documentation shows binding to 0.0.0.0). If you run the server, bind it to localhost or protect it with a firewall/authentication if you don't want external access. - Local file access: The skill will read and write files under ~/.openclaw, ~/.hermes, and ~/.shared-memory and may create logs, backups, and cron jobs (install.sh/setup_env.sh exist). Back up your MEMORY.md and SQLite DB before first run. - Inspect install scripts: Do not run install.sh or setup_env.sh without reviewing their contents. If you plan to install, run in an isolated environment (VM or container) first and inspect what they modify (crontab, file permissions, created services). - Credential hygiene: If you do not want the skill to call remote models, make sure no model API keys are present in env or openclaw.json, or disable validator/arbiter features in config. Consider running with network disabled for initial testing. - Recommended steps: 1) Review install.sh and setup_env.sh; 2) Search code for any outbound endpoints (OpenAI/OpenAI-compatible base URLs are used) and decide whether to provide API keys; 3) Run the skill in a sandboxed user account or container; 4) Limit server binding to localhost and add authentication if exposing it; 5) Backup ~/.openclaw and ~/.hermes before first sync. Given these discrepancies (undeclared env usage, network-exposed server, install scripts), the package is coherent with its advertised function but carries non-trivial operational risk — treat it as 'suspicious' until you verify and sandbox it.

功能分析

Type: OpenClaw Skill Name: memory-plus-sync Version: 2.0.0 This skill bundle implements a comprehensive memory synchronization and management system for OpenClaw, featuring MCP server integration, multi-agent validation (Validator/Scorer/Reviewer), and cross-channel message collection from platforms like Feishu and Telegram. The code interacts with various LLM APIs (Kimi, Qwen, DeepSeek) and manages local SQLite and vector databases for memory storage and deduplication. While it performs sensitive actions such as reading API keys from `~/.openclaw/openclaw.json`, accessing local chat histories, and establishing persistence via cron jobs, these behaviors are well-documented and strictly aligned with the stated purpose of providing an advanced memory sync utility. No evidence of malicious intent, unauthorized data exfiltration, or obfuscation was found.

能力标签

requires-sensitive-credentials

能力评估

ℹ Purpose & Capability

The name/description (cross-channel message collection and sync into the official SQLite) aligns with the code: collectors, monitor, dedup, versioning, and an MCP HTTP server are present. However the SKILL.md/metadata claim 'no required env vars' and 'zero-config' while multiple modules read cloud-model API keys and local config files (e.g., ~/.openclaw/openclaw.json). Asking for cloud model API keys (KIMI/QWEN/GLM/DEEPSEEK) is plausible for the validator/arbiter features, but the skill metadata does not declare these dependencies—this mismatch is unexpected.

⚠ Instruction Scope

Runtime instructions tell the user/agent to start an MCP HTTP server (mcp_server.py) that can bind to 0.0.0.0 and to run syncing/monitor commands. The code and docs instruct reading/writing many user-local paths (~/.openclaw, ~/.hermes, ~/.shared-memory, workspace logs, and DB paths) and creating backups/cron entries. Reading those paths is coherent for a sync tool, but it also means the skill will access potentially sensitive local memory files and configuration (including any API keys stored in openclaw.json). The skill will also call out to cloud model endpoints when validator/scorer/reviewer components are used, which could transmit collected messages externally.

ℹ Install Mechanism

No install spec is declared in the registry metadata (instruction-only), which reduces automatic install risk. However the repository includes install.sh and setup_env.sh and README suggests 'ClawHub install' or cloning + pip install -r requirements.txt. Those scripts and the suggested crontab/zero-config auto-start behavior imply filesystem changes and scheduled tasks if the user runs them—review these scripts before executing. No remote binary downloads were declared in the metadata; code appears to rely on normal Python packages.

⚠ Credentials

The skill metadata lists no required environment variables or primary credential, but the code reads many environment variables and config files: KIMI_API_KEY, QWEN_API_KEY, GLM_API_KEY (or ZHIPUAI_API_KEY), DEEPSEEK_API_KEY, and it loads ~/.openclaw/openclaw.json for model apiKey/baseUrl. That is a material discrepancy: cloud-model credentials and local OpenClaw config are not declared but are used when validator/arbiter features are enabled. These credentials would permit outgoing requests to third-party services and could be used to exfiltrate collected messages if configured.

ℹ Persistence & Privilege

The skill does not set always:true and does not claim elevated platform privileges. It does, however, include code and documentation that start a long-running MCP HTTP server (optionally bound to 0.0.0.0), create/modify files under user home (~/.shared-memory, ~/.openclaw, ~/.hermes), and suggests adding cron entries. Those behaviors grant persistent presence on the host if the user runs install/setup scripts or enables auto-start; that persistence is expected for a sync/monitoring tool but increases attack surface and should be deliberately authorized by the user.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install memory-plus-sync
安装完成后，直接呼叫该 Skill 的名称或使用 /memory-plus-sync 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.0.0

v2.0.0 重大升级：MCP服务器、三代理验证、智能去重、批量处理等高级功能 🚀 新功能： 1. MCP 服务器集成 (7个标准化工具) 2. 三代理验证机制 (准确率93%) 3. 智能去重功能 (基于哈希和语义相似度) 4. 批量处理支持 (并发处理+错误恢复) 5. 版本控制系统 (完整变更历史) 6. 健康度监控 (60秒间隔自动检查) 7. 故障自动修复 (自动重连/客户端重置) 🔧 技术架构升级： - 后端：FastAPI + Uvicorn - 验证：三代理并行处理 + 仲裁机制 - 存储：三级存储架构 (L1/L2/L3) - 监控：实时健康检查 + 告警系统 - 集成：无缝对接 OpenClaw 记忆系统 📊 性能指标： - 准确率：93% (超越 Mem0 65%, 字节跳动 70%) - 响应时间：8ms (远低于 30s 目标) - 稳定性：95% (长时间运行测试) - 集成测试：100% 通过率 🎯 向后兼容性： - 保留原有同步功能 - 兼容原有命令行接口 - 支持渐进式升级

v1.0.0

跨渠道记忆同步工具首版发布（零配置启动 + 实时监控 + 自动恢复）

元数据

Slug memory-plus-sync

版本 2.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题

Memory Plus Sync 是什么？

实现飞书、微信、Telegram 等多渠道消息采集与同步，统一存储到官方 SQLite，支持实时监控、告警及自动恢复。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 99 次。

如何安装 Memory Plus Sync？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install memory-plus-sync」即可一键安装，无需额外配置。

Memory Plus Sync 是免费的吗？

是的，Memory Plus Sync 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Memory Plus Sync 支持哪些平台？

Memory Plus Sync 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Memory Plus Sync？

由 Lewis&Eva（@lewistouchtech）开发并维护，当前版本 v2.0.0。