← 返回 Skills 市场
250
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install memory-review
功能描述
知识沉淀自动化技能。扫描近期日记,识别可沉淀知识,自动写入知识库。触发时机:cron 定时任务或手动调用。使用方法:加载 skill 后读取 references/spec.md 获取详细规范。
安全使用建议
This skill will scan and modify files inside your project (memory/daily, memory/knowledge, AGENTS.md, MEMORY.md, data/exec-logs). Before installing or running it: 1) Inspect AGENTS.md and MEMORY.md for any tokens, webhooks, or secrets — move secrets into a controlled vault or environment variables and update the skill configuration accordingly. 2) Back up AGENTS.md, TOOLS.md and other config files the skill may edit. 3) Confirm where 'report delivery' actually posts (the SKILL.md mentions Feishu but gives no delivery method); prefer explicit webhook or token entry via env vars rather than embedding credentials in AGENTS.md. 4) Ensure md5sum (coreutils) is available in your runtime if you plan to run the skill. 5) Run the skill first in a limited test workspace to review generated files and logs before allowing regular cron/autonomous runs.
功能分析
Type: OpenClaw Skill
Name: memory-review
Version: 1.1.0
The memory-review skill automates the extraction of knowledge from daily logs and delivers reports to external platforms like Feishu. It exhibits high-risk behaviors by instructing the agent in SKILL.md and references/spec.md to read sensitive configuration files (AGENTS.md and MEMORY.md) to retrieve delivery credentials and to execute shell commands (md5sum) for change detection. While these actions are aligned with the stated purpose of knowledge management, the automated reading of internal configuration files combined with external data delivery poses a risk of unauthorized data exposure or exfiltration.
能力评估
Purpose & Capability
The skill's name/description (automatically scan diaries and write knowledge) matches the instructions to read memory/daily and write memory/knowledge and reports. However the SKILL.md references running md5sum and delivering reports to channels (e.g., Feishu) while the metadata declares no required binaries or credentials — a mild inconsistency. It's plausible the skill expects delivery configuration to live in AGENTS.md/MEMORY.md instead of environment variables, but that should be documented as a deliberate design choice.
Instruction Scope
Runtime instructions explicitly read and write local project files: MEMORY.md, AGENTS.md, memory/daily/*, memory/knowledge/*, data/exec-logs/* and may modify AGENTS.md or TOOLS.md. The skill also states it will '投递报告' (deliver reports) using values from AGENTS.md/MEMORY.md (e.g., Feishu group IDs). This grants the skill broad discretion over local content and the ability to post externally if delivery logic is implemented — the SKILL.md does not specify how delivery is performed or what exact fields/credentials are required. That lack of precision increases risk because the agent could read secrets embedded in those files or use hidden endpoints.
Install Mechanism
Instruction-only skill (no install spec, no code files). This is the lowest install risk: nothing will be fetched or written during installation. All behavior comes from SKILL.md and references/spec.md.
Credentials
The skill declares no required environment variables or primary credential, but it expects delivery config (channel IDs, potentially tokens or webhooks) to be found in AGENTS.md or MEMORY.md. Not requiring environment variables is acceptable if the project stores all needed endpoints locally, but the skill should declare that it will read those files and should document the expected keys and whether they may contain secrets. As-is, it may read/write files that incidentally contain sensitive tokens without explicitly asking for them.
Persistence & Privilege
The skill is not always:true and is user-invocable (normal). It will write files under memory/ and data/exec-logs/ and may update AGENTS.md/TOOLS.md as part of 'low priority' rules — this is within its stated purpose but grants it write privilege over project configuration files. That capability should be made explicit and limited by user policy or review.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install memory-review - 安装完成后,直接呼叫该 Skill 的名称或使用
/memory-review触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Version 1.1.0 introduces improved configuration and scanning features:
- Added support for reading delivery configuration from AGENTS.md or MEMORY.md, using placeholders for sensitive info.
- Enhanced scanning: now uses incremental (md5) comparison to avoid duplicate processing.
- Expanded knowledge types: now recognizes 5 classes of knowledge to deposit.
- Added execution log output to data/exec-logs/memory-review/.
- Updated trigger options: supports every 2 days, on demand, or (optionally) at session end.
- Documentation updated to reflect new configuration and workflow details.
v1.0.0
Initial release of memory-review skill:
- Scans recent diaries to identify and propose knowledge for consolidation.
- Automatically writes identified knowledge into the appropriate knowledge base files.
- Generates a knowledge consolidation report at memory/daily/YYYY-MM-DD-memory-review.md.
- Prioritizes content: errors/lessons to post-mortems.md, technical knowledge to knowledge/fw-*.md, config/preferences to TOOLS.md or AGENTS.md.
- Supports both scheduled (cron) and manual review triggers.
- Highlights cases needing manual confirmation or review.
元数据
常见问题
Memory Review 是什么?
知识沉淀自动化技能。扫描近期日记,识别可沉淀知识,自动写入知识库。触发时机:cron 定时任务或手动调用。使用方法:加载 skill 后读取 references/spec.md 获取详细规范。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 250 次。
如何安装 Memory Review?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install memory-review」即可一键安装,无需额外配置。
Memory Review 是免费的吗?
是的,Memory Review 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Memory Review 支持哪些平台?
Memory Review 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Memory Review?
由 AxelHu(@axelhu)开发并维护,当前版本 v1.1.0。
推荐 Skills