Memory Manager

OpenClaw专用三层AI记忆管理系统。管理临时记忆(L1)/长期记忆(L2)/永久记忆(L3)，支持向量语义搜索、自动压缩、OpenClaw用户身份识别和跨设备同步。

Key things to consider before installing or enabling this skill: - Source verification: The registry lists 'source: unknown' yet project files reference a GitHub repo. Confirm the repo origin and maintainer trustworthiness (inspect the upstream GitHub repository, commit history, and open issues). Do not install from an untrusted raw URL. - Review install.sh and SKILL.md: Do not run curl | bash blindly. Download the installer and review its contents (install.sh) locally. Prefer manual installation (git clone + inspect + pip install -r requirements.txt) and use the --no-shell-rc option to prevent automatic modification of your shell files. - Protect API keys and tokens: The installer may write API keys into shell RC files or plaintext config files (~/.memory-manager/config.json). Prefer setting EMBED_BACKEND and API keys as environment variables in a controlled way (or use a secrets manager). Avoid providing a GITHUB_TOKEN with broad scopes; if you must, create a token limited to the repository and actions needed. - Restrict data scope and run in isolation first: The skill reads users/*/profile.md and other users' memory files and will perform git operations. If this device contains other users or sensitive files, consider running the skill in an isolated account, VM, or container and set MM_BASE_DIR to a directory you control. - Disable auto-run / auto-enable if possible: If the platform allows, avoid enabling automatic session-start reads until you confirm behavior. If SKILL.md's 'auto_enable' or 'read_when' behavior is configurable, turn off auto-sync and run operations manually at first. - Audit runtime behavior: After installation, inspect created config files (~/.memory-manager, ~/.openclaw/memory), check what environment variables were added to your shell rc, and inspect any cron/systemd jobs or background processes the installer creates (none obvious in the provided files, but verify). - Run tests and dry-run: Use the included tests and the tool's --dry-run options (or run in a sandbox) to verify embedding/sync behavior without pushing data to remote services. - If in doubt, decline GITHUB_TOKEN and avoid entering API keys interactively during install; set EMBED_BACKEND to a 'keyword-only' fallback or use provider keys you can revoke quickly. Given the code matches the advertised functionality but contains privacy-sensitive behavior and metadata inconsistencies, proceed only after the manual reviews above or run in an isolated environment.

Type: OpenClaw Skill Name: pupper0601-memory-manager Version: v3.5.5 The memory-manager skill bundle implements a sophisticated multi-tier AI memory system but performs several high-risk operations. Most notably, the `install.sh` and `memory_onboard.py` scripts modify shell configuration files (`.bashrc`, `.zshrc`) to persist API keys and aliases, and `memory_init.py` stores GitHub tokens in plain text via the `git credential-store`. While these behaviors are explicitly disclosed in the `SKILL.md` security note and are functional for the tool's purpose, they represent significant security risks regarding persistence and credential handling. Additionally, the system requires broad tool permissions (`Bash`, `Write`) and uses an unusual code-like string (`from typing import...`) as an internal data delimiter in `memory_embed.py` and `memory_index.py`, which could potentially lead to unexpected behavior in the AI agent.