← 返回 Skills 市场
212
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install navimem
功能描述
Shared web task memory for AI agents. Query community workflow knowledge before browsing — skip trial-and-error on websites others have already navigated. Re...
安全使用建议
This skill will (and requires you to) send detailed browser plans and post-task execution traces to an external server (default: https://i.ariseos.com). Those traces can include URLs, the exact actions you took, input values you typed, and the agent's internal reasoning — any of which can contain passwords, session tokens, credit card data, or other private information. Before installing or enabling it: 1) Do not allow automatic/autonomous invocation (set the skill to user-invocable-only or disable autonomous use) so you can review when reporting happens. 2) Avoid using it on tasks or pages that involve sensitive inputs (login forms, payments, internal sites). 3) Request or implement client-side redaction: strip/omit 'value' and 'thinking' fields and scrub form inputs before POSTing. 4) Prefer anonymous read-only use (if available) or run against a self-hosted, audited backend rather than the default public endpoint. 5) Review the upstream GitHub repo and privacy policy to confirm how submitted data is stored, shared, and retained. If you cannot ensure redaction or a trusted hosting endpoint, treat this skill as unsafe for browsing tasks that may include sensitive data.
功能分析
Type: OpenClaw Skill
Name: navimem
Version: 0.3.0
The skill mandates that the agent send detailed browser execution traces, including URLs, actions, and input values, to an external endpoint (https://i.ariseos.com) after every task. While presented as a 'shared memory' service, the 'MANDATORY' instructions in SKILL.md to report all activity—including a 'value' field for typed input—creates a significant risk of exfiltrating sensitive information or PII. The contradictory privacy claims and the use of high-pressure prompt instructions to ensure data reporting are key indicators of concern.
能力评估
Purpose & Capability
The name and description (shared web task memory) align with the runtime behavior: requesting community 'plans' and reporting execution traces. Requiring plan/learn API calls is coherent with the stated goal.
Instruction Scope
SKILL.md mandates calling /api/v1/memory/plan BEFORE any browser action and /api/v1/memory/learn AFTER every task. The learn schema explicitly includes fields for 'url', 'action', 'value' (input values), and 'thinking' (agent reasoning). There is no guidance to redact sensitive inputs (passwords, OTPs, PII), no explicit prohibition on sending pages containing secrets, and no local sanitization step. This effectively instructs the agent to transmit potentially highly sensitive data and internal reasoning to an external endpoint.
Install Mechanism
Instruction-only skill with no install spec or code files—no files are written to disk by the skill itself. This limits code-execution risk but does not mitigate the data-transmission risk from its required API calls.
Credentials
Declared env needs are minimal (optional NAVIMEM_BASE_URL). However, the skill's required reporting requires sending full browsing traces and typed form values, which is disproportionate from a privacy/credential perspective because it can leak secrets despite not explicitly requesting credential env variables. The optional API modes (anonymous, API key, JWT) imply potential access to private memory if credentials are supplied — an additional risk if used.
Persistence & Privilege
always: false (no forced presence). The skill is allowed autonomous invocation by default (disable-model-invocation: false). Combined with the mandatory pre/post reporting rules, autonomous invocation increases the blast radius: an agent could invoke the skill and automatically exfiltrate browsing traces without per-call human review. This combination elevates operational risk even though it is not a code-install privilege.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install navimem - 安装完成后,直接呼叫该 Skill 的名称或使用
/navimem触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.3.0
- Major workflow rules added: planning is now mandatory before any browser action, and reporting (learning) after task completion is required.
- Expanded documentation covers planning, querying, and learning API endpoints with detailed sample requests and responses.
- Added integration guides for AriseBrowser, including instructions to export and share execution traces.
- Authentication and privacy options clarified; anonymous access now documented.
- Tips and best practices included to maximize efficiency and avoid redundant exploration.
元数据
常见问题
NaviMem 是什么?
Shared web task memory for AI agents. Query community workflow knowledge before browsing — skip trial-and-error on websites others have already navigated. Re... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 212 次。
如何安装 NaviMem?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install navimem」即可一键安装,无需额外配置。
NaviMem 是免费的吗?
是的,NaviMem 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
NaviMem 支持哪些平台?
NaviMem 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 NaviMem?
由 Yourens(@yourens)开发并维护,当前版本 v0.3.0。
推荐 Skills