← 返回 Skills 市场
604
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install smart-memory-manager
功能描述
Intelligent memory management for agents with short/long-term memory layering, semantic search, auto summarization, RAG enhancement
安全使用建议
This skill appears functionally consistent with a memory manager, but two practical risks deserve attention: (1) It will fetch third-party modules from deno.land at runtime — review and pin/ vendor those dependencies if you want to avoid implicit network-loaded code. (2) The load/save API accepts arbitrary file paths and uses Deno.readTextFile/Deno.writeTextFile; if the agent runtime has filesystem permissions, an attacker or misconfigured agent could read sensitive local files (for example dotfiles, credentials) and return their contents via search/list/summarize. Before installing: ensure your agent runtime is constrained (e.g., run in a sandbox or deny filesystem access), only use safe persistPath locations you control, inspect or vendor the imported deno.land modules, and avoid granting this skill broad autonomous privileges. If you need help limiting its filesystem capabilities or auditing the remote imports, consider code-reviewing and running the skill in an isolated environment first.
功能分析
Type: OpenClaw Skill
Name: smart-memory-manager
Version: 1.0.1
The skill provides memory management with file persistence but contains a path traversal vulnerability. The `load` and `save` actions in `index.ts` allow reading and writing files using a user-provided `persistPath` without any sanitization or validation, potentially allowing access to sensitive files outside the intended directory. While this is a significant security flaw, it appears to be a vulnerability rather than intentional malice.
能力评估
Purpose & Capability
Name/description and the code align: it implements short/long/important memory layers, search, summarization, and save/load persistence. File I/O and simple semantic/keyword search are reasonable capabilities for a memory manager.
Instruction Scope
SKILL.md and the API expose load/save with an unrestricted persistPath parameter. The implementation uses Deno.readTextFile to load any path and returns memory contents via list/search/summarize — this enables reading arbitrary files and returning their contents, which is outside a narrow 'memory manager' scope unless the user explicitly chooses safe paths.
Install Mechanism
There is no install spec, but the code imports third-party modules directly from deno.land (zod and std/encoding). That means runtime will fetch remote code from the network; this is normal for Deno but is a supply-chain risk compared with vendored or packaged dependencies.
Credentials
The skill requests no env vars, which is proportional, but it performs arbitrary filesystem read/write (Deno.readTextFile / Deno.writeTextFile) with user-supplied paths. If the agent runs with filesystem permissions, the skill can read sensitive local files and then expose them in outputs — a high-risk capability relative to typical memory persistence needs unless paths are restricted.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills. However, because it can persist to arbitrary disk paths and load arbitrary files, installing it in an environment with broad file-system permissions grants it effective persistent access to local data. Consider limiting runtime permissions or paths.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install smart-memory-manager - 安装完成后,直接呼叫该 Skill 的名称或使用
/smart-memory-manager触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Removed the skill.yaml file from the project.
- Consolidated metadata fields from skill.yaml into SKILL.md.
- Added a description field to SKILL.md.
- No changes to functionality or the core documentation content.
v1.0.0
Initial release of smart-memory-manager.
- Introduces a three-layered memory system (short-term, long-term, important) with automatic expiration and cleanup.
- Supports keyword, semantic, and hybrid search modes for efficient memory retrieval.
- Adds automatic summarization for memory compression and context management.
- Provides persistent storage options (in-memory and disk), with save/load support.
- Modular, lightweight, and type-safe design with easy customization and no external dependencies.
元数据
常见问题
smart-memory-manager 是什么?
Intelligent memory management for agents with short/long-term memory layering, semantic search, auto summarization, RAG enhancement. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 604 次。
如何安装 smart-memory-manager?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install smart-memory-manager」即可一键安装,无需额外配置。
smart-memory-manager 是免费的吗?
是的,smart-memory-manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
smart-memory-manager 支持哪些平台?
smart-memory-manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 smart-memory-manager?
由 Ayalili(@ayalili)开发并维护,当前版本 v1.0.1。
推荐 Skills