← 返回 Skills 市场
415
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install memvault
功能描述
Production-ready long-term memory server for AI agents with Ebbinghaus decay and strength-weighted retrieval. Use when you need persistent memory across agen...
安全使用建议
This package is functionally consistent with a self‑hosted long‑term memory server, but take caution before running the installer. Review scripts/install.sh and avoid blindly running curl | sh from the network; consider installing Ollama manually or configuring MEMVAULT_LLM_BASE_URL to a known local endpoint. Update the default DB password (postgres/postgres) and confirm where MEMVAULT_LLM_BASE_URL points — if you set it to a cloud LLM (OpenAI/Groq), your stored memories will be transmitted to that provider. If you must test, run inside an isolated environment (VM/container) and inspect docker-compose and Dockerfile builds so you can audit downloaded models and packages. If you want lower risk, you can skip the auto‑installer and manually start the docker-compose build after reviewing files.
功能分析
Type: OpenClaw Skill
Name: memvault
Version: 1.0.3
The skill is classified as suspicious due to multiple vulnerabilities. The `scripts/install.sh` uses `curl -fsSL https://ollama.com/install.sh | sh` for Ollama installation, which is a supply chain risk as it executes unreviewed remote code. More critically, `scripts/memvault.sh` is vulnerable to shell injection, as the `user_id` parameter in `decay` and `stats` commands is directly interpolated into `curl` URLs without proper shell escaping, potentially allowing arbitrary command execution. Additionally, `memvault_server.py` has a potential LLM prompt injection vulnerability in its translation function, where LLM-generated summaries could theoretically manipulate a local LLM.
能力评估
Purpose & Capability
The code, Dockerfile, docker-compose, and CLI match the stated purpose (a long‑term memory server with embeddings, decay, and retrieval). However the registry metadata says 'required env vars: none' while the code and docker-compose rely on many environment variables (DB DSN, LLM base URL, API key, embedding URL, etc.). That mismatch is unexpected but plausibly an omission rather than outright malice.
Instruction Scope
SKILL.md instructs you to run the included install script and then call local endpoints and cron jobs. The runtime instructions themselves are scoped to installing and operating the service (memorize, retrieve, decay). They do not instruct arbitrary file system reads. Caveat: troubleshooting text references an OpenClaw workspace path which may not exist in all installs (minor inconsistency).
Install Mechanism
The provided scripts/install.sh will attempt to auto-install Ollama on Linux by executing a remote script via curl -fsSL https://ollama.com/install.sh | sh — this is a high‑risk pattern (running a remote installer without review). The installer also starts background processes (ollama serve) and runs docker compose up --build which will download images, pip packages, and pre-download embedding models during the Docker build. These are expected for this project but are higher risk than an instruction-only skill; review the installer and the remote install script before running.
Credentials
Although the registry metadata declared no required environment variables, the code and docker-compose rely on many env vars (MEMVAULT_DB_DSN, MEMVAULT_LLM_BASE_URL, MEMVAULT_LLM_API_KEY, MEMVAULT_EMBEDDING_URL, etc.). Defaults include cleartext DB credentials (postgres/postgres) in the compose file and the installer creates a .env. If you point MEMVAULT_LLM_BASE_URL to a public/cloud LLM (OpenAI, etc.), memories and potentially sensitive content will be sent to that provider. The skill may therefore handle secrets/PII; you should explicitly set appropriate credentials and endpoints and avoid using public LLMs if you want to keep data local.
Persistence & Privilege
The skill does not request permanent platform presence (always:false). Installer creates a CLI symlink in ~/.local/bin and writes a .env in the skill directory and uses a Docker volume for DB persistence; these are normal for a self‑hosted service and do not modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install memvault - 安装完成后,直接呼叫该 Skill 的名称或使用
/memvault触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
Fix: rename extensionless files (Dockerfile.txt, memvault.sh, env.example.txt) for clawhub packaging
v1.0.2
Fix: include Dockerfile, CLI, env.example (renamed from .env.example for clawhub compat)
v1.0.1
Fix: re-publish for registry indexing
v1.0.0
Initial release: Ebbinghaus decay, strength-weighted retrieval, Docker one-command setup, multi-agent tracking, CLI tool
元数据
常见问题
MemVault 是什么?
Production-ready long-term memory server for AI agents with Ebbinghaus decay and strength-weighted retrieval. Use when you need persistent memory across agen... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 415 次。
如何安装 MemVault?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install memvault」即可一键安装,无需额外配置。
MemVault 是免费的吗?
是的,MemVault 完全免费(开源免费),可自由下载、安装和使用。
MemVault 支持哪些平台?
MemVault 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MemVault?
由 wjy9902(@wjy9902)开发并维护,当前版本 v1.0.3。
推荐 Skills