thebobloblaw

Rune - Self-Improving AI Memory

Author: Cory Freeman · GitHub · v1.1.5
cross-platform ⚠ suspicious
Total downloads: 608
Favorites: 0
Current installs: 1
Versions: 8
Install in OpenClaw
/install rune
Description
Self-improving AI memory system with intelligent context injection and adaptive learning
Security recommendations
This package appears to be a real, local-first AI memory CLI that modifies your home directory, installs a global 'rune' binary, and wires session hooks and workflow scripts into ~/.openclaw. Those behaviors are coherent for a persistent memory tool, but you should not install it blindly. Recommended steps before installing:
  1. Inspect package.json and install.sh locally (use ./install.sh --dry-run or --verify modes provided).
  2. Review the code for any network calls or telemetry (search for fetch, http, axios, or hard-coded URLs).
  3. Verify you're comfortable with it creating/modifying ~/.openclaw and HEARTBEAT.md and installing a global CLI (it will replace an existing 'rune' or 'brokkr-mem' if present).
  4. Run the installer in a sandbox/container or VM first if possible.
  5. Avoid exporting cloud API keys unless you need cloud extraction; default local operation is possible.
  6. Because the static scan flagged a 'system-prompt-override' pattern in SKILL.md, review the README/SKILL.md for any instructions that try to override agent/system prompts or give the skill broad, ambiguous authority.
If you lack time or trust for a manual audit, treat this as untrusted software and don't install it on critical systems.
Functional analysis
Type: OpenClaw Skill Name: rune Version: 1.1.5 The OpenClaw Rune skill bundle is classified as benign. While a critical shell injection vulnerability (CVE-2026-0001) was present in previous versions, the provided files clearly document its fix and implement robust input sanitization in `rune-session-handler.sh` and `setup-workflow.sh`. The installation script (`install.sh`) and workflow setup (`setup-workflow.sh`) perform expected integration tasks, such as creating `~/.openclaw` directories, installing a global CLI, and modifying `~/.openclaw/workspace/HEARTBEAT.md` to add maintenance commands for the memory system. Markdown instructions (`SKILL.md`, `README.md`, `INTEGRATION-GUIDE.md`) guide the AI agent's behavior in using the memory system, not to subvert its core directives or exfiltrate data. Core application logic (`src/*.js`) uses parameterized SQL queries and handles LLM API keys securely via environment variables. There is no evidence of intentional harmful behavior, data exfiltration, backdoors, or obfuscation. A minor privacy concern is the logging of context recall events to `/tmp/rune-usage.log` without explicit user consent, but this is not a security vulnerability or malicious act.
Capability assessment
Purpose & Capability
The skill's declared purpose (self-improving AI memory) aligns with the included code, installer, and session hooks: it installs a CLI, creates ~/.openclaw/memory.db, and wires heartbeat/session hooks. However the registry metadata originally claimed 'instruction-only / no install spec' while the package clearly contains install.sh, setup-workflow.sh and many source files — a mismatch the changelog even calls out. That metadata inconsistency is unexpected and worth noting.
Instruction Scope
SKILL.md and the included scripts instruct the agent/user to run an installer that creates files in the user's home (~/.openclaw), appends to HEARTBEAT.md, installs a global npm CLI, and adds mandatory workflow scripts/crons. Those actions are coherent with a memory CLI but are invasive (write/modify user files, add scheduled jobs, replace an existing 'rune'/'brokkr-mem' binary). The package also encourages 'forcing functions' (mandatory usage), which is aggressive but within the product goal. The pre-scan flagged a 'system-prompt-override' pattern in SKILL.md; while SKILL.md itself appears to be installation and workflow guidance, that finding could indicate prompt-manipulative text; treat it as suspicious (see scan_findings_in_context).
Install Mechanism
Installation is via included install.sh which runs 'npm install --production' and 'npm install -g .', creates the ~/.openclaw tree, initializes an SQLite DB, and writes workflow scripts into the user's home. This is a moderate-risk install mechanism (npm packages + executing an install script) but uses standard sources (npm) rather than arbitrary external downloads. The installer makes backups before modifying HEARTBEAT.md. Because the installer executes code as part of npm install and writes global binaries and cron suggestions, review package.json and install.sh before running, and prefer dry-run/verify modes provided.
Credentials
The skill declares no required environment variables or credentials. Cloud API keys (Anthropic/OpenAI) are only optional and explicitly documented for optional cloud features; local-first (Ollama) is the default. No unrelated credentials or surprising secrets are requested. This is proportional to the stated optional cloud-enhanced features.
Persistence & Privilege
The skill does persist to disk (creates ~/.openclaw, memory DB) and installs a global CLI — expected for this purpose. always:false (not force-included). It registers session hooks in skill.json that call ./rune-session-handler.sh start/end; the handler sanitizes input, which mitigates common shell-injection risks. The package's design intentionally enforces workflow integration (forcing functions) which increases its behavioral footprint; consider this social/operational persistence when deciding to install.
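How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install rune
  3. Once installation completes, invoke the Skill by name or trigger it with /rune
  4. Provide the required inputs according to the Skill's parameter description to get structured output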
Version history
v1.1.5
FINAL: Metadata integrity fix & proper display name
🎯 REGISTRY METADATA RESOLVED:
✅ Fixed 'instruction-only' vs installable inconsistency
✅ Proper display name: 'Rune - Self-Improving AI Memory'
✅ Clear installation specifications in registry metadata
✅ Accurate reflection of install.sh and workflow components
🔧 WHAT THIS FIXES:
• Registry now correctly shows this as installable skill
• Display name shows 'Rune' instead of generic 'Skill'
• Installation metadata properly synchronized
• Clear documentation of system-level integration requirements
⚠️ IMPORTANT: This is an INSTALLABLE skill with system integration
• Modifies ~/.openclaw/workspace/HEARTBEAT.md
• Creates workflow automation scripts
• Includes session hooks for automatic memory usage
• Intrusive by design to prevent memory system non-usage
📋 FINAL PRODUCTION-READY RELEASE
Complete memory system with workflow integration, security fixes, and accurate metadata. Ready for users who want systematic memory usage.
v1.1.3
🚨 CRITICAL SECURITY FIX: RCE vulnerability in context-inject.sh
VULNERABILITY: Shell injection in workflow integration scripts
- Unsanitized $TOPIC parameter vulnerable to command injection
- Attack example: '; rm -rf / #' could execute malicious commands
RESOLUTION:
✅ Added input sanitization to context-inject.sh
✅ Same security pattern as rune-session-handler.sh
✅ Prevents shell metacharacter injection attacks
✅ Fixed both local and package-generated scripts
IMPACT: Closes RCE vulnerability in workflow automation
CREDIT: Third-party security analysis identified this issue
URGENT: Update recommended for all users of workflow integration
v1.1.2
SECURITY FIX: Session hook argument mismatch
ClawHub security scan identified critical issue:
- skill.json sessionHooks used onStart/onEnd
- rune-session-handler.sh expected start/end
- Mismatch could cause unexpected behavior
FIXED: Updated sessionHooks to use correct arguments
- Prevents potential session hook failures
- Ensures proper automated invocation
- Thanks to ClawHub security scanning for catching this!
v1.1.1
## Rune 1.1.1
- Introduces a new CLI (`rune`) replacing the previous `brokkr-mem`, with streamlined commands and documentation updates.
- Adds essential documentation: README.md, INTEGRATION-GUIDE.md, COMMON-MISTAKES.md, SECURITY.md, and a new CHANGELOG.md.
- Expands source with new modules supporting advanced memory features, proactive notifications, self-improvement analysis, and workflow integration tools.
- Updates installation, integration examples, and command references for clarity and consistency with new CLI.
- Improved skill metadata, session handler, and shell integration for better security and usability.
v1.0.3
Documentation fixes based on ClawHub security review feedback
v1.0.2
- Added secure session handler script (rune-session-handler.sh) for safe session integration
- Introduced _meta.json for enhanced internal metadata management
- Updated documentation to include security best practices and guidance on safe input handling
- SKILL.md now provides explicit instructions and code examples for input sanitization in session hooks
- Improved OpenClaw integration details with emphasis on secure operation
v1.0.1
🔒 SECURITY UPDATE: Fixed credentials storage vulnerability, added privacy warnings, transparent cloud API declarations, local-first design. Now fully compliant with ClawHub security standards.
v1.0.0
🧠 Revolutionary self-improving memory system for OpenClaw assistants!
Features:
• Learns and adapts from every interaction
• 80% token savings with intelligent context injection
• Perfect recall with dynamic relevance scoring
• Pattern detection prevents repeated mistakes
• Autonomous project management and task recommendations
• Temporal queries ('what did we work on yesterday?')
• Memory consolidation and smart forgetting curves
Production-tested with 140+ facts - gets smarter every day!
Metadata
Slug rune
Version 1.1.5
License
Total installs 1
Current installs 1
Number of versions 8
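FAQ

What is Rune - Self-Improving AI Memory?

Self-improving AI memory system with intelligent context injection and adaptive learning. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 608 total downloads to date.

How do I install Rune - Self-Improving AI Memory?

Run the command "/install rune" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Rune - Self-Improving AI Memory free?

Yes, Rune - Self-Improving AI Memory is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Rune - Self-Improving AI Memory support?

Rune - Self-Improving AI Memory runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Rune - Self-Improving AI Memory?

Developed and maintained by Cory Freeman (@thebobloblaw); the current version is v1.1.5.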
