← 返回 Skills 市场
267
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install sql-memory
功能描述
Semantic memory layer for OpenClaw agents. Use when: (1) persisting agent memories with importance scoring, (2) hierarchical memory rollups (daily→weekly→mon...
安全使用建议
This skill implements a SQL-backed memory/queue and legitimately needs SQL credentials, but the package metadata fails to declare them and the docs include example cloud host/database names (including a third‑party-looking host). Before installing: 1) Confirm you will provide your own SQL endpoints and credentials; never reuse the sample cloud host/database shown in the docs. 2) Inspect sql_memory.py and setup_schema.py for any hardcoded endpoints or credentials (search for hostname, ip, db_). 3) Install and inspect the required sql-connector dependency to see how credentials are read and stored. 4) Run the skill in an isolated environment and point it at a test database you control. 5) Consider network/DB access controls and encryption (use least privilege DB user, TLS, and audit logs). If you can share the full sql_memory.py (or confirm no hardcoded remote credentials/endpoints), I can re-evaluate and raise confidence.
功能分析
Type: OpenClaw Skill
Name: sql-memory
Version: 2.2.0
The skill bundle provides a comprehensive semantic memory layer for agents, but it contains a significant SQL injection vulnerability in the 'execute' method within 'sql_memory.py'. The docstring explicitly admits that this legacy passthrough bypasses parameterization, creating a high-risk surface for database exploitation. Additionally, the code and documentation contain hardcoded internal IP addresses (10.0.0.110) and specific third-party database hostnames (sql5112.site4now.net) as defaults, which is a poor security practice even if not inherently malicious.
能力评估
Purpose & Capability
The skill's name/description (semantic SQL memory, queue, logs, rollups) aligns with the included code (sql_memory.py, setup_schema.py). However the registry metadata declares no required env vars or primary credential while the SKILL.md/README/GETTING_STARTED explicitly require SQL connection secrets (SQL_* env vars). That omission in the declared requirements is an incoherence: the skill will need DB credentials at runtime even though none are advertised.
Instruction Scope
Runtime instructions are within the stated purpose (create schema, remember/recall/search, queue tasks, log events). But the docs repeatedly show/encourage a specific cloud backend (SQL_CLOUD_SERVER=sql5112.site4now.net, SQL_CLOUD_DATABASE=db_99ba1f_memory4oblio) — sample values that point to an external instance — and setup/install steps assume users will provide .env credentials. The SKILL.md also instructs running setup_schema.py which connects to whatever profile is configured. There is no instruction-level warning that a misconfigured profile could point to a third-party DB; that raises risk of accidental data transfer.
Install Mechanism
No install spec (instruction-only) and the package is bundled in the skill archive (python files and scripts). There are no remote download URLs or extract/install steps that fetch arbitrary binaries, so installation risk is low. The skill does depend on the external 'sql-connector' skill which itself will need to be installed.
Credentials
The registry lists no required environment variables, but documentation and setup script require SQL credentials (SQL_LOCAL_*/SQL_CLOUD_* including passwords). Requiring database credentials is appropriate for a DB-backed memory skill, but failing to declare them in the registry is a mismatch that hides sensitive requirements from users. Also the docs include example host/database names (a third-party host and specific database name) which could lead users to accidentally connect to or leak data into someone else's instance if they copy examples.
Persistence & Privilege
The skill is not marked 'always: true' and is user-invocable (normal). It does not request to modify other skills or system-wide settings. It does add persistent state to an external SQL database (expected for its purpose) — ensure DB access is scoped and audited.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sql-memory - 安装完成后,直接呼叫该 Skill 的名称或使用
/sql-memory触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.2.0
GETTING_STARTED.md (512 lines) and SKILL_REFERENCE.md (936 lines) added. Dependency chain documented (sql-connector required). Publish workflow added. Dead DB reference corrected. README DEPENDENCY_PRIORITY section added.
v2.1.0
Housekeeping: removed infrastructure copies and unrelated tests. Branches main+development now in sync. Skill now contains only: sql_memory.py, setup_schema.py, knowledge-base docs.
v2.1.0-alpha
Public alpha: rewrote README with full API reference, schema setup guide, setup_schema.py auto-installer, alpha warning, community invite.
v2.0.1
v2.0.1: pymssql transport, logged_at fix, todo CRUD, model_hint, UTC everywhere
v2.0.0
v2.0: pymssql transport, logged_at fix, todo CRUD, model_hint, UTC everywhere
元数据
常见问题
SQL Memory 是什么?
Semantic memory layer for OpenClaw agents. Use when: (1) persisting agent memories with importance scoring, (2) hierarchical memory rollups (daily→weekly→mon... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 267 次。
如何安装 SQL Memory?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sql-memory」即可一键安装,无需额外配置。
SQL Memory 是免费的吗?
是的,SQL Memory 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
SQL Memory 支持哪些平台?
SQL Memory 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SQL Memory?
由 Oblio(@oblio-falootin)开发并维护,当前版本 v2.2.0。
推荐 Skills