← 返回 Skills 市场

Neverforget

Name: Neverforget
Author: greatape42069

作者 GreatApe42069 · GitHub ↗ · v1.0.4

cross-platform ⚠ suspicious

818

总下载

当前安装

版本数

在 OpenClaw 中安装

/install neverforget

功能描述

Automates Sovereign Local Vector Memory and Gemma-300M Embeddings. Manage local vector embeddings, model configuration, and memory health monitoring without...

安全使用建议

Before installing, carefully consider the following: (1) This skill intends to index large parts of your home directory (~) and will change global OpenClaw memory settings and restart the gateway — review and backup ~/.openclaw/openclaw.json first. (2) Confirm the exclusion rules cover all places you consider sensitive; exclusions like **/.ssh/**, **/.aws/** and **/.env** are present but may be incomplete for your environment. (3) The skill will append a HEARTBEAT.md into your workspace and may follow symlinks (different files give contradictory guidance) — do not create symlinks to sensitive external stores if you want them excluded. (4) The install path uses pnpm and downloads a model from Hugging Face (and references an hf-mirror); verify network endpoints and mirror trust before allowing downloads. (5) Prefer running this skill first in an isolated account, container, or VM to observe behavior and disk usage (model downloads can be large). (6) When prompted to run the auto-install script, review the commands line-by-line and decline if you do not accept global config changes or broad indexing. If you want to proceed safely: restrict the filesystem permissions in package.json to only the specific project paths you need, remove symlink recommendations, and test indexing on a small sample directory first.

功能分析

Type: OpenClaw Skill Name: neverforget Version: 1.0.4 The skill requests broad filesystem access (`~/`) for its stated purpose of 'full-environment indexing', which is a high-risk capability. However, it explicitly implements strong security measures to prevent data exfiltration by excluding sensitive directories like `~/.ssh`, `~/.aws`, `~/.env`, browser data, and GPG keys from being indexed, as seen in both `SKILL.md` and `package.json`. The install script and agent instructions in `SKILL.md` and `HEARTBEAT.md` are aligned with local memory management and reinforce these security exclusions. While the broad `~/` permission is concerning, the clear and intentional hardening against secrets exposure prevents classification as 'malicious'. The network access is limited to legitimate package and model download sites (pnpm.io, huggingface.co).

能力评估

ℹ Purpose & Capability

The declared purpose (setup local embeddings with node-llama-cpp and Gemma-300M) matches the instructions to install node-llama-cpp, set the local provider, and download a Hugging Face model. However the package.json and SKILL.md ask for broad filesystem indexing (~/) and network access (huggingface, pnpm, npm registry, and an hf-mirror), which is functionally plausible for a full 'sovereign memory' system but is broad in scope and higher-privilege than many users would expect for a single skill.

⚠ Instruction Scope

Runtime instructions include writing/appending HEARTBEAT.md into ~/.openclaw/workspace, changing global OpenClaw config (agents.defaults.memorySearch.*), running openclaw gateway restart, and triggering openclaw memory index which will crawl user files. The skill's docs/templating give mixed guidance about symlinks (one file warns 'Do not use symlinks', another encourages creating symlinks to include external directories), which is an internal inconsistency that could dramatically expand what gets indexed. These instructions perform persistent, system-wide changes and can cause broad data collection if allowed.

ℹ Install Mechanism

This is instruction-only (no install spec), so nothing is automatically written by a packaged installer. The suggested install uses pnpm to add node-llama-cpp (standard package manager usage) and relies on downloading a model from Hugging Face via the provider path. No arbitrary IP/paste/shortener URLs are present, but package.json lists an additional network entry 'hf-mirror.com' (third-party mirror) — worth verifying the mirror's trustworthiness.

⚠ Credentials

The skill declares no required environment variables but the included openclaw manifest requests wide filesystem permissions (~/, ~/.openclaw, etc.) and network access to package/model registries. Indexing the entire home directory is disproportionate for many users because it can include secrets and private data; the manifest attempts to exclude common secret stores (.ssh, .aws, .env, .gnupg) but exclusion lists are error-prone and may miss other sensitive files. The ability to follow symlinks (documented elsewhere) could further expand access.

⚠ Persistence & Privilege

The instructions modify global OpenClaw configuration keys (agents.defaults.memorySearch.*), append content to the user's workspace HEARTBEAT.md, restart the gateway, and trigger indexing. Changing global agent defaults and restarting the gateway are system-wide operations that affect other agents and the host environment — this is beyond a purely local skill's internal scope and increases blast radius if misconfigured.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install neverforget
安装完成后，直接呼叫该 Skill 的名称或使用 /neverforget 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.4

- Hardened exclusion rules for memory indexing by skipping secret directories such as .ssh, .aws, and .env - Improved compliance with ClawHub security audit requirements - Documentation and install script updated to reflect new exclusion logic - No changes to functional code; update focused on enhanced security configuration

v1.0.3

neverforget 1.0.3 introduces safer, idempotent local memory setup and recursive loop protection. - Added pre-check logic and exclusion rules to prevent recursive memory loops during indexing. - Expanded and clarified setup instructions, with an enhanced auto-install script that verifies dependencies and prevents redundant installs. - Updated documentation for sandbox customization, memory health monitoring, and exclusion best practices. - New files: origin metadata (.clawhub/origin.json) and a universal memory template (ULTIMATEMEMORYtemplate.md) added.

v1.0.2

neverforget v1.0.2 - Added _meta.json file for improved metadata support. - Updated SKILL.md: corrected Phase 4 Heartbeat injection path in the install script (now references HEARTBEAT.md in the main skill folder instead of the subdirectory). - Version bump from 1.0.1 to 1.0.2.

v1.0.1

- Added a new Security & Privacy Disclosure section detailing how local Dogecoin data is handled. - Clarified that data indexing is local and does not leave the machine. - Provided a risk disclaimer regarding access to node configurations and recommended password-protecting wallet.dat.

v1.0.0

neverforget 1.0.0 - Initial release automating Sovereign Local Vector Memory. - Adds symlink bridging for Dogecoin and related infrastructure. - Integrates Gemma-300M for offline project knowledge and embeddings. - Includes a heartbeat monitor for memory health checks. - Provides auto-install script for quick setup and configuration.

元数据

Slug neverforget

版本 1.0.4

许可证 —

累计安装 3

当前安装数 2

历史版本数 5

常见问题

Neverforget 是什么？

Automates Sovereign Local Vector Memory and Gemma-300M Embeddings. Manage local vector embeddings, model configuration, and memory health monitoring without... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 818 次。

如何安装 Neverforget？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install neverforget」即可一键安装，无需额外配置。

Neverforget 是免费的吗？

是的，Neverforget 完全免费（开源免费），可自由下载、安装和使用。

Neverforget 支持哪些平台？

Neverforget 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Neverforget？

由 GreatApe42069（@greatape42069）开发并维护，当前版本 v1.0.4。