Semantic Memory

Author: Jackxc2026 · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 99
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install semantic-memory
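Description
A Chinese-language long-term memory system for OpenClaw Agent. jieba TF-IDF + vector retrieval in a three-track hybrid, Chinese semantics first, with support for multi-agent memory collaboration. Trigger words: 向量数据库 (vector database), 记忆检索 (memory retrieval), 长期记忆 (long-term memory), 语义搜索 (semantic search), vector search, memory retrieval
Security recommendations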
This skill implements the described memory/search functionality, but take these precautions before installing/running:
  1. Do not run the ChromaDB server bound to 0.0.0.0 on a machine you don't trust or that is network-accessible; prefer localhost (127.0.0.1) or enable authentication/proxying.
  2. Be careful with import_memory.py: if you pass a directory path, it will recursively read and upload .md files. Avoid pointing it at system, home, or other sensitive directories.
  3. The TF-IDF cache uses Python pickle; treat the cache directory as sensitive and ensure it's not writable by untrusted users/processes (an attacker-modified pickle could lead to code execution on load).
  4. Review and, if needed, harden defaults in start_chroma.sh and README (host, port, API auth) before use.
  5. Only run this skill and its scripts if you trust the source; if unsure, request the author to change defaults to bind to localhost and to use a safer cache format (e.g., JSON) or validate pickle integrity.
Functional analysis
Type: OpenClaw Skill
Name: semantic-memory
Version: 1.0.0
The skill provides a legitimate Chinese-optimized memory system, but it contains significant security vulnerabilities. Specifically, `scripts/vector_search.py` uses the `pickle` module to load and save TF-IDF indices, which is a well-known vector for Remote Code Execution (RCE) if the cache directory is compromised. Additionally, `scripts/start_chroma.sh` configures the database to listen on all network interfaces (`0.0.0.0`) by default, increasing the network attack surface. While these appear to be unintentional design flaws rather than intentional malware, they represent high-risk behaviors.
Capability assessment
Purpose & Capability
Name/description (Chinese-focused hybrid TF-IDF + vector memory) match the included code: vector_search.py, import_memory.py and a ChromaDB start script implement exactly that behavior. The dependencies (chromadb, jieba) and local cache/TF-IDF index are consistent with the described purpose.
Instruction Scope
Runtime instructions tell users to run a ChromaDB HTTP server (defaults to --host 0.0.0.0) and to import files from a filesystem directory. import_memory.py can recursively read and upload any .md files from a specified path (user-supplied or default), which could cause accidental ingestion of sensitive local data if misused. The start script and README default to binding the DB to 0.0.0.0 (network-exposed) without providing an example of securing it; that broad network exposure is a security concern.
Install Mechanism
No install spec (instruction-only) and included scripts are plain Python/bash files. Nothing is downloaded from unknown URLs or executed from remote sources during install. This limits supply-chain risk, though running the provided commands will write log/cache files to disk.
Credentials
The skill does not request secrets or credentials and uses a small set of environment variables (CHROMA_HOST/CHROMA_PORT/CHROMA_PATH/TFIDF_CACHE) which are reasonable for configuring a local DB. However, defaults (host=0.0.0.0, port=8000, path=./vector_db, cache dir ./tfidf_cache) are permissive and can expose data if not adjusted. No unexplained credentials or external endpoints are requested.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or global agent config. It will create local cache files and logs (TF-IDF pickle cache, chroma_server.log). A notable persistence risk: TF-IDF cache is serialized with Python pickle and later unpickled; if an attacker can overwrite the cache file, unpickling could execute arbitrary code.
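How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog: /install semantic-memory
  3. Once installation completes, invoke the Skill by name or use /semantic-memory to trigger it
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history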
v1.0.0
v1.0.0: Chinese-semantics-first three-track hybrid retrieval
Metadata
Slug: semantic-memory
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

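What is Semantic Memory?

A Chinese-language long-term memory system for OpenClaw Agent. jieba TF-IDF + vector retrieval in a three-track hybrid, Chinese semantics first, with support for multi-agent memory collaboration. Trigger words: 向量数据库 (vector database), 记忆检索 (memory retrieval), 长期记忆 (long-term memory), 语义搜索 (semantic search), vector search, memory retrieval. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 99 total downloads so far.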

How do I install Semantic Memory?

Run the command "/install semantic-memory" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.

Is Semantic Memory free?

Yes. Semantic Memory is completely free, released under the MIT-0 license, and may be freely downloaded, installed and used.

Which platforms does Semantic Memory support?

Semantic Memory runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Semantic Memory?

It is developed and maintained by Jackxc2026 (@jackxc2026); the current version is v1.0.0.
