← 返回 Skills 市场
Memory System Optimizer
作者
githubxiaohei
· GitHub ↗
· v2.0.1
899
总下载
1
收藏
7
当前安装
7
版本数
在 OpenClaw 中安装
/install memory-system-optimizer
功能描述
OpenCLAW 记忆系统优化 - 四层架构 + 自我反思 + 情绪识别 + 任务规划 + 12项增强功能
安全使用建议
This skill is mostly coherent as a file-based memory assistant, but there are red flags you should address before installing or running scripts: 1) Remove or audit scripts/billing.js — it calls an external billing API (skillpay.me) and expects API credentials that the skill metadata doesn't declare; if you don't intend monetization, delete that file. 2) Treat config-files/TOOLS.md as potentially leaking secrets: it includes a Feishu app_token and other identifiers in plaintext — remove or replace these with placeholders. 3) If you allow the agent to run scripts, run them first in a sandboxed account or container; verify they don't send data externally. 4) Search the package for other hardcoded tokens or endpoints. 5) Consider restricting autonomous invocation or requiring explicit confirmation for any operation that sends data externally, charges money, or modifies files outside a narrow memory directory. If you want, I can produce a minimal-safe variant of the skill (remove billing, scrub tokens, tighten AGENTS.md wording) or create a checklist of exact changes to make before use.
功能分析
Type: OpenClaw Skill
Name: memory-system-optimizer
Version: 2.0.1
The skill bundle contains a hardcoded Feishu API token (app_token) and specific database table IDs within 'config-files/TOOLS.md', which constitutes a significant security vulnerability. Additionally, it includes a monetization/billing module ('scripts/billing.js') that communicates with an external endpoint (skillpay.me), which is unusual for a utility-focused skill. While the instructions in 'AGENTS.md' and 'SKILL.md' align with the stated goal of memory optimization, the presence of hardcoded credentials and external payment logic poses a risk to the user's environment.
能力评估
Purpose & Capability
The skill declares itself a memory-system optimizer, which justifies file-based memory scripts and configuration. However, it includes an unrelated billing module (scripts/billing.js) that talks to https://skillpay.me and expects SKILLPAY_API_KEY / SKILLPAY_SKILL_ID (not declared in the skill's required env). It also embeds an app token example in config-files/TOOLS.md. A free memory skill wouldn't normally include a charging/remote billing component or plaintext service tokens without explanation.
Instruction Scope
SKILL.md and AGENTS.md instruct the agent to read and update many workspace files (SOUL.md, USER.md, MEMORY.md, memory/INDEX.md, today's memory files). That's expected for a memory skill, but AGENTS.md contains a high-risk line: 'Don't ask permission. Just do it.' — this encourages autonomous, wide-reaching file reads/edits. The runtime examples instruct running local scripts (memlog.sh, memory-decay.js, memory-gc.sh) which operate on ~/.openclaw/workspace/memory — reasonable for the purpose but potentially sensitive because the workspace can contain secrets. The skill does not explicitly instruct any data exfiltration, but config files include advice not to exfiltrate while also containing embedded tokens, creating contradictory signals.
Install Mechanism
No install spec; it's instruction + code files included in the package. That lowers installer risk since nothing will be downloaded at install time. Scripts are simple shell/Node scripts and the only external network call is in billing.js to skillpay.me (which runs only if executed).
Credentials
Registry metadata claims no required env vars, but scripts/billing.js requires SKILLPAY_API_KEY and SKILLPAY_SKILL_ID to function (and will exit if missing), indicating an undocumented credential requirement. Additionally, config-files/TOOLS.md contains a hard-coded feishu app_token and other platform identifiers in plaintext — embedded credentials or config snippets in the skill files are a sensitive mismatch versus the 'no env vars required' claim.
Persistence & Privilege
always:false (normal) and disable-model-invocation:false (normal autonomous capability). Combined with AGENTS.md's 'Don't ask permission' wording and the skill's broad file-read/write instructions, there is an elevated risk if the skill is exercised autonomously. There is no code that modifies other skills or system settings, and no 'always:true' flag, so persistence/privilege is not excessive by metadata, but behavior guidance inside files encourages broad autonomous actions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install memory-system-optimizer - 安装完成后,直接呼叫该 Skill 的名称或使用
/memory-system-optimizer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.1
- Introduced 12 new configuration files to enhance feature control and customization.
- Upgraded to a four-layer memory architecture with additional support for self-reflection, emotion recognition, and adaptive task planning.
- Expanded functions include privacy/data governance, explainability, collaboration, and ongoing evolution.
- Improved documentation to detail new modules and enhanced capabilities.
v1.5.0
- Added auto-memlog.sh for automatic timestamped memory logging.
- Updated documentation to recommend auto-memlog.sh as the primary logging tool.
v1.4.0
- Added 12 core configuration files covering identity, autonomy, skills, feedback, security, multi-agent coordination, and more.
- Updated documentation to detail the purpose and use of each new configuration file in the memory system architecture.
v1.3.0
- Removed all paid usage, pricing information, and SkillPay integration; the skill is now completely free to use.
- Updated documentation to reflect free usage and removed payment setup/configuration steps.
- Maintained all original memory system architecture and tool usage instructions.
v1.2.0
Version 1.2.0 introduces SkillPay billing integration and updated usage instructions:
- Added scripts/billing.js to enable SkillPay API billing support.
- Updated documentation with new setup, configuration, and payment integration instructions.
- Introduced environment variable-based API key management for enhanced security.
- Clarified user_id generation, error handling, and payment link return logic.
- Removed sensitive information from SKILL.md for improved safety.
v1.0.1
- Added detailed SkillPay API integration instructions in SKILL.md, including code sample for billing.
- Clarified API Key configuration and added Skill ID information.
- No changes to core functionality or files.
v1.0.0
- Initial release of the memory-system-optimizer skill.
- Implements a three-layer memory architecture (NOW.md, daily logs, INDEX.md).
- Adds automatic memory decay and cold data archiving based on a hot/warm/cold model.
- Includes CRUD validation (read-before-write, conflict detection, and outdated data marking).
- Provides shell and Node.js tools for logging, memory decay, and data archiving.
- Pay-per-use pricing with SkillPay integration (0.01 USDT per call).
元数据
常见问题
Memory System Optimizer 是什么?
OpenCLAW 记忆系统优化 - 四层架构 + 自我反思 + 情绪识别 + 任务规划 + 12项增强功能. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 899 次。
如何安装 Memory System Optimizer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install memory-system-optimizer」即可一键安装,无需额外配置。
Memory System Optimizer 是免费的吗?
是的,Memory System Optimizer 完全免费(开源免费),可自由下载、安装和使用。
Memory System Optimizer 支持哪些平台?
Memory System Optimizer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Memory System Optimizer?
由 githubxiaohei(@githubxiaohei)开发并维护,当前版本 v2.0.1。
推荐 Skills