← 返回 Skills 市场
523
总下载
1
收藏
2
当前安装
8
版本数
在 OpenClaw 中安装
/install mempalace-openclaw
功能描述
MemPalace memory system for OpenClaw/XClaw/WorkBuddy. Archive AI conversations to local long-term storage with semantic search. Commands: /mem-arc (archive),...
安全使用建议
This skill appears to implement a usable local memory/archive system, but it is not a zero-risk drop-in. Before installing: 1) Run it inside a Python virtual environment (venv) so pip installs don't modify your system Python. 2) Set MEMPALACE_SKILL_ROOT to the skill directory (or MEMPALACE_PALACE_PATH) to force data to stay under the skill folder — otherwise defaults will write to ~/.mempalace. 3) Inspect the omitted/large files (mcp_server.py, the shell and PowerShell hooks) to confirm there is no unwanted network listener or extra commands executed. 4) Do not point the miner at wide or root-level folders — only pass the specific conversation/memory directory you want archived to avoid indexing sensitive files. 5) If you are uncomfortable with automatic cron scheduling, decline or disable auto-archive until you verify behavior. Additional information that would raise confidence: confirmation that mcp_server is disabled by default and the full contents of the hook scripts; otherwise treat this package as functionally coherent but operationally risky.
功能分析
Type: OpenClaw Skill
Name: mempalace-openclaw
Version: 1.6.0
The skill bundle implements a local long-term memory system using ChromaDB and SQLite, but it contains several high-risk behaviors. The `SKILL.md` file instructs the AI agent to perform shell commands including `pip install` for dependencies and recursive directory scanning via `mempalace mine` (implemented in `mempalace/miner.py`). Furthermore, `mempalace/entity_registry.py` makes outbound HTTP requests to the Wikipedia API (`en.wikipedia.org`) for entity disambiguation. While these actions are aligned with the stated purpose and partially disclosed in the documentation, the combination of package installation, network access, and broad file system indexing constitutes a significant security risk.
能力标签
能力评估
Purpose & Capability
Name/description (local archive + semantic search) aligns with code: bundled mempalace source, mining, chunking, and ChromaDB-based search are present. However the SKILL.md repeatedly states "all paths are relative to the skill directory / no user paths exposed," while the packaged code falls back to writing/reading ~/.mempalace and other home paths unless MEMPALACE_SKILL_ROOT or related env vars are set. That mismatch is a meaningful inconsistency.
Instruction Scope
Runtime instructions tell the agent to install the bundled package locally and third-party deps, create palace_data, and run mempalace mine which recursively scans directories and indexes many file types (py/json/md/yaml etc.). The miner can thus read arbitrary files in the supplied directories. SKILL.md warns the user to avoid sensitive files, but the ability to index broad paths (and the code defaulting to home directories) expands scope beyond a narrow 'archive current conversation' task.
Install Mechanism
There is no registry install spec, but SKILL.md instructs runtime pip operations: `pip install -e ./mempalace` (local editable install) and `pip install chromadb pyyaml` (from PyPI). This will modify the Python environment unless the user runs a venv. Installing ChromaDB from PyPI is expected for the stated functionality but it's an action that changes system state and pulls third-party packages.
Credentials
The registry declares no required env/credentials, which is consistent at a glance. But the code reads/writes several env vars (MEMPALACE_PALACE_PATH, MEMP_PALACE_PATH, MEMPALACE_SKILL_ROOT) and will default to ~/.mempalace if a skill-root marker isn't present. Entity registry, config, and index files are written under home by default. That divergence between 'no env needed / local-only' and actual defaults that touch the user's home directory is disproportionate and worth noting.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. SKILL.md mentions OpenClaw's cron to auto-archive daily (runtime scheduling). The codebase includes an mcp_server.py and shell/PowerShell hooks; those files suggest potential extra runtime capabilities (local server, hook scripts) that could increase the blast radius if enabled — review those files before allowing autonomous runs or cron scheduling.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mempalace-openclaw - 安装完成后,直接呼叫该 Skill 的名称或使用
/mempalace-openclaw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.6.0
v1.6.0: CRITICAL PATH FIX - archive.ps1 now uses 'python -m mempalace' instead of bare 'mempalace' command to avoid broken .exe shim. config.py auto-detects skill root via .skill_root marker file written by archive.ps1. All paths confirmed writing to skill/palace_data/ (NOT ~/.mempalace). archive: 0.36s, search: 344ms. Based on https://github.com/milla-jovovich/mempalace
v1.5.1
v1.5.1: Final verified - archive/mine/search all confirmed working. archive.ps1 fixed: only sets MEMPALACE_SKILL_ROOT (not PALACE_PATH). All hardcoded ~/.mempalace paths patched in source. palace_data stored under skill directory. No user paths exposed. Includes convos template files (SKILL.md, README.md). Compatible with OpenClaw/XClaw/WorkBuddy/Claude Code via exec tool. Based on https://github.com/milla-jovovich/mempalace
v1.5.0
v1.5.0:主动坦白Security Scan提出的所有问题:说明archive.ps1通过MEMPALACE_PALACE_PATH控制路径、Wikipedia查询有网络请求、pip install写入Python环境、cron由OpenClaw调度而非代码文件、mempalace mine扫描目录范围。目录结构改普通文字(非代码块)。README同步更新。
v1.4.0
v1.4.0: SECURITY FIX - Patched all hardcoded ~/.mempalace paths in source code (config.py, knowledge_graph.py, layers.py, entity_registry.py, split_mega_files.py). All paths now respect MEMPALACE_SKILL_ROOT env var and fall under skill directory. Archive.ps1 sets this env var before calling mempalace CLI. SKILL.md storage claims now match actual code behavior. Based on https://github.com/milla-jovovich/mempalace
v1.3.0
v1.3.0: Full bilingual CN/EN documentation. Added overview section with cost comparison. Fixed section 4/7/8/9 missing Chinese. Added cross-Claw compatibility table. Removed ASCII art that rendered poorly on web. Skill name changed to mempalace-openclaw. Based on https://github.com/milla-jovovich/mempalace
v1.2.0
v1.2.0: Bilingual CN/EN docs. Name changed to mempalace-openclaw. All paths relative to skill dir. MemPalace source fully bundled (pyproject.toml + hooks + requirements included). Palace data stored in ./palace_data/. Compatible with OpenClaw/XClaw/WorkBuddy/Claude Code. Based on https://github.com/milla-jovovich/mempalace
v1.1.0
v1.1.0: All paths are now relative to skill directory (no user paths exposed). MemPalace source bundled inside skill for auto-install. Palace data stored in ./palace_data/. Compatible with OpenClaw/XClaw/WorkBuddy.
v1.0.0
Initial release: /mem-arc (archive), /mem-sea (search), /mem-asave (auto-save). Local storage, semantic search, cross-AI compatible.
元数据
常见问题
MemPalace Memory System for OpenClaw 是什么?
MemPalace memory system for OpenClaw/XClaw/WorkBuddy. Archive AI conversations to local long-term storage with semantic search. Commands: /mem-arc (archive),... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 523 次。
如何安装 MemPalace Memory System for OpenClaw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mempalace-openclaw」即可一键安装,无需额外配置。
MemPalace Memory System for OpenClaw 是免费的吗?
是的,MemPalace Memory System for OpenClaw 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
MemPalace Memory System for OpenClaw 支持哪些平台?
MemPalace Memory System for OpenClaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MemPalace Memory System for OpenClaw?
由 deveuper(@deveuper)开发并维护,当前版本 v1.6.0。
推荐 Skills