← 返回 Skills 市场
206
总下载
0
收藏
1
当前安装
6
版本数
在 OpenClaw 中安装
/install openclaw-local-memory
功能描述
Brain-like local memory plugin for OpenClaw — stores, searches, and injects memories with importance scoring, entity extraction, and automatic consolidation.
安全使用建议
This plugin is coherent with its stated purpose and does not phone home, but it will automatically store conversation content to a JSON file in your home directory by default (and its significance detection will treat strings like api_key/password/token as worth saving). Before installing or enabling it, consider: 1) If you have sensitive info (passwords, API keys, PII), disable autoCapture (set autoCapture=false) or increase minSignificanceScore so fewer things are persisted. 2) If you must store memories, use a custom containerTag and restrict file permissions on ~/.openclaw/memory/*.json; back up/encrypt those files if needed. 3) Use local_memory_forget / local_memory_wipe to remove unwanted entries and test wiping behavior. 4) Because the skill can run autonomously and inject memories into prompts, audit what gets injected (profileFrequency, maxMemoryInjections, contextBudget) to avoid leaking sensitive context into model prompts. 5) Source/homepage are absent — you may want to review the included source code (present in the package) or only install from a trusted publisher. If you want tighter guarantees, request encryption-at-rest or opt-in-only capture from the author before using with sensitive conversations.
功能分析
Type: OpenClaw Skill
Name: openclaw-local-memory
Version: 0.4.2
The plugin implements a local memory system that intentionally captures and stores sensitive information, including credentials such as API keys, passwords, and tokens, in unencrypted JSON files located in the user's home directory (~/.openclaw/memory/). This behavior is defined by regex patterns in lib/hooks.ts and the storage logic in lib/store.ts. While the intent appears to be providing a 'brain-like' memory for the agent, the specific targeting of secrets for plaintext local storage creates a high-risk vulnerability for credential theft by other local processes, though no evidence of remote exfiltration was found.
能力评估
Purpose & Capability
The name/description match the implementation: a local memory plugin using TF-IDF/tokenization, entity extraction and scoring, storing data under ~/.openclaw/memory/<containerTag>.json. The code uses only Node built-ins (fs, path, os, crypto) and no external services, which aligns with the 'zero-config / 100% local' claim.
Instruction Scope
The runtime instructions and code register hooks to auto-capture user/assistant exchanges (api.on 'before_agent_start' and 'agent_end') and to auto-inject memories (autoRecall). Significance detection explicitly flags credential-like patterns (api_key, password, token) and will capture them if they cross the significance threshold. Captured data is written to disk in plaintext; the code does not show encryption or an opt-out for credential categories beyond configurable minSignificanceScore/autoCapture. This behavior is coherent with the purpose but has privacy implications (sensitive strings may be persisted).
Install Mechanism
There is no install spec; this is effectively an instruction+source bundle. package.json shows only peer dependency on openclaw and no external package installs. No downloads or third-party registries are used.
Credentials
The skill requests no environment variables, no credentials, and no special config paths beyond its own home-dir JSON file. That is proportionate to a local memory plugin. Note: although it does not require credentials, it will scan and may persist credential-like strings from conversation content.
Persistence & Privilege
always:false and no elevated system modifications are requested. However, autoCapture and autoRecall default to true and disable-model-invocation is false, so the skill can autonomously capture and inject memories during normal agent runs — increasing privacy blast radius compared with a purely on-demand tool. Data is long-lived in the user's home directory (~/.openclaw/memory/<container>.json). The plugin sanitizes the containerTag to avoid path traversal.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-local-memory - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-local-memory触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.4.2
Security hardening: Path traversal protection for containerTag, sanitization function added
v0.4.1
Context optimization: max 3 memories per recall, max 2000 chars injected, stricter significance threshold (0.5), higher profile frequency (15), smaller chunk sizes, relevance-weighted scoring
v0.4.0
Complete brain-like rewrite: importance scoring with decay, significance detection, entity extraction, semantic chunking, profile building, multi-factor recall scoring, context pruning, memory consolidation
v0.3.0
Added smart capture with significance detection, periodic capture, context pruning signals, and auto-pruning of old memories
v0.2.0
Zero-config: removed Ollama dependency, pure TF-IDF search, no external API needed, 100% local
v0.1.0
Beta: semantic memory, auto-capture/recall, Ollama embeddings
元数据
常见问题
Openclaw Local Memory 是什么?
Brain-like local memory plugin for OpenClaw — stores, searches, and injects memories with importance scoring, entity extraction, and automatic consolidation. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 206 次。
如何安装 Openclaw Local Memory?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-local-memory」即可一键安装,无需额外配置。
Openclaw Local Memory 是免费的吗?
是的,Openclaw Local Memory 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Openclaw Local Memory 支持哪些平台?
Openclaw Local Memory 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw Local Memory?
由 FlexRox(@flexrox)开发并维护,当前版本 v0.4.2。
推荐 Skills