OpenClaw Memory System

让 OpenClaw 真的记住用户偏好、事实和上下文的长期记忆 skill。适用于你受不了每次新会话都要重复背景、希望 agent 能跨会话记住信息、并且想直接拥有可搜索、可持久化、可自动注入的记忆系统时使用。不是手工记笔记，而是一个已经做好的可运行记忆能力。

This skill implements a full local memory system and a payments integration; it's coherent but has noteworthy risks you should address before installing: - Secrets & privacy: The analyzer/hook system will extract and persist arbitrary content from conversations (the README even shows examples like storing API keys). If you or your users might send secrets in chat, those can end up in the local DB and be reinjected into later prompts. Consider adding filtering to the analyzer or disabling automatic extraction. - Undeclared environment variables: The package expects env vars (PAYMENT_WALLET, PAYMENT_CALLBACK_URL, OPENAI_API_KEY, OPENCLAW_MEMORY_WALLET, MEMORY_DEDUPLICATE, etc.) but none are declared in the registry metadata. Set PAYMENT_WALLET only to a wallet you control, and do not expose a funded wallet to autonomous agents unless you intend them to pay. - Default wallet behavior: The hookpack uses OPENCLAW_MEMORY_WALLET with a hardcoded fallback ('assistant-shrimp-main'), which can cause data to be written under a shared identity even when no agentWallet is present. If you install, set OPENCLAW_MEMORY_WALLET explicitly or remove the default to avoid cross-agent mixing. - Payments & trust model: The x402 MVP trusts reported tx_hash values (no on-chain verification). Treat Pro activations as not securely verified until you implement on-chain verification. Do not grant a real production PAYMENT_WALLET or fund an agent wallet without reviewing the payment code. - Recommended actions before install: review analyzer code to ensure sensitive fields are redacted; configure environment variables (no defaults); run the skill in a sandboxed environment; set MEMORY_DEDUPLICATE and retention policies; and if you intend humans to approve payments, disable autonomous payment flows or restrict agent wallet usage. If you want, I can point to exact lines/files to inspect or produce a short checklist of variables and code paths to change prior to installation.

Type: OpenClaw Skill Name: shrimp-openclaw-memory Version: 1.0.1 The skill implements a long-term memory system for OpenClaw agents with an integrated monetization layer using the x402 payment protocol. While the code appears functional and follows its stated purpose, it introduces significant risks: `src/dashboard.js` launches a REST API server on port 9091 that lacks any authentication, potentially exposing sensitive stored memories (including facts and user preferences) to any process on the local network. Additionally, the instructions in `SKILL.md` and `AGENT-PAYMENTS.md` encourage agents to autonomously evaluate and execute financial transactions (USDT payments), which, combined with the unauthenticated API, creates a high-risk environment for unauthorized data access or unintended financial loss.