Tiered Memory

EvoClaw Tiered Memory Architecture v2.1.0 - LLM-powered three-tier memory system with structured metadata extraction, URL preservation, validation, and cloud...

This skill appears to implement the memory system it promises, but there are important privacy and configuration issues you should consider before installing: - Credentials and endpoints: The README and CLI indicate you must provide a Turso DB URL/token and may supply LLM endpoints (HTTP). The registry metadata did not declare these required environment variables — verify and be prepared to provide secrets if you enable cloud sync or LLM features. - Data that may be uploaded: Hot memory explicitly contains owner identity/profile, family names, events, tasks and other personal context. The 'sync-critical' operation and cold storage (Turso) will transmit that data to the cloud. If you enable LLM distillation/search with external endpoints, portions of conversation text (and extracted metadata like URLs, commands, file paths) will be sent to that endpoint. - Principle of least privilege: If you decide to use this skill, prefer local-only operation first: avoid configuring an external Turso DB or remote LLM endpoint until you audit the code and are confident in the destination. Use localhost or a controlled internal LLM endpoint instead of public endpoints. - Audit the code paths: The code calls urllib.request.urlopen to user-supplied endpoints and subprocess to run memory_cli.py from metrics_tracker. Review/limit what files are passed into distillation/metadata extraction and where the workspace path points (WORKSPACE env var) to avoid accidental exposure of unrelated files. - Test safely: Run the scripts in a sandboxed environment with test data (no real PII) and without setting Turso/remote LLM configs. If you intend to enable cloud sync, inspect and, if necessary, redact sensitive fields before upload or add encryption/ACL protections on the destination DB. - If you need help deciding: ask the author (if known) for explicit declaration of required env vars and a clear privacy statement explaining exactly which fields get synced and how they are protected in transit and at rest. Given the declared functionality, these issues may be benign design choices, but the lack of declared credentials and the potential to send sensitive local context to external services are reasons to proceed cautiously.

Type: OpenClaw Skill Name: tiered-memory Version: 2.2.0 The skill implements a tiered memory system for AI agents, involving local file storage, interaction with LLM endpoints, and cloud synchronization with Turso DB. While its core functionality aligns with the stated purpose, it is classified as 'suspicious' due to the inherent risks associated with its design patterns. Specifically, the extensive use of `subprocess.run` for inter-script communication and external tool calls, although currently implemented with apparent care (e.g., `sanitize_agent_id` for path traversal), represents a powerful primitive that could be vulnerable to shell injection if input sanitization were to fail or be bypassed. Furthermore, the LLM integration, particularly in `_llm_distill_chunk` and `tree_search.py`, constructs prompts using user-provided text (e.g., daily notes, queries). This introduces a significant risk of prompt injection against the integrated LLM, which could lead to unintended or manipulated LLM behavior during distillation or retrieval. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration or persistence mechanisms.