← 返回 Skills 市场
54
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install z1-memory-palace
功能描述
File-based long-term AI memory system with BGE-M3 vector search, metadata filtering, compound scoring, graph-based neighbor expansion, and automated memory m...
安全使用建议
Don't run these scripts unchanged. Key risks and actions to consider:
- The code hardcodes ROOT = /Users/zhouyi0415126.com/ai_matrix/vault/01_core; it will not operate on a palace/ you create in the current directory. Before running, either change ROOT to a safe test directory or run inside a disposable copy of your repository.
- The scripts perform filesystem writes (rename backup of manifest, overwrite index files, write graph JSON). Backup your data first and inspect the manifest/index files before running write operations.
- SKILL.md suggests pip install FlagEmbedding (third-party package). Audit that package (source, PyPI page) before installing and consider installing into an isolated virtualenv.
- There are path mismatches (scripts call scripts/watchdog/*.py but files are in scripts/). Expect runtime failures and review/normalize paths.
- The tool will encode text with a BGEM3FlagModel which may contact remote model services; confirm network behavior and any credentials required by the FlagEmbedding library.
- If you want to use this skill, adapt ROOT and script paths to a sandbox/test directory, run dry-runs, and only enable any scheduled/automated runs after verifying effects. If uncertain, ask the author for a repackaged version that uses relative paths or accepts a configurable root path and documents expected side effects.
功能分析
Type: OpenClaw Skill
Name: z1-memory-palace
Version: 3.0.0
The bundle implements a functional file-based RAG (Retrieval-Augmented Generation) system, but contains high-risk patterns including hardcoded absolute paths and shell execution. Multiple scripts (build_index_bge.py, query_bge.py, cold_zone_blinding_patch.py) use a hardcoded path (/Users/zhouyi0415126.com/ai_matrix/vault/01_core), which is a significant security flaw for shared code. Additionally, auto_maintain.sh and build_index_bge.py execute shell commands (git diff) and imply persistence via LaunchAgents. While no clear evidence of data exfiltration or intentional malice was found, the lack of path generalization and the use of system-level scripts for local file manipulation represent a high risk to the host environment.
能力评估
Purpose & Capability
The skill claims a file-based, zero-infrastructure memory palace you can initialize in the current working directory, but the Python and shell scripts are written to operate on a hardcoded absolute ROOT (/Users/zhouyi0415126.com/ai_matrix/vault/01_core). That means running the provided scripts will not act on the local 'palace/' you create unless you edit the code. This mismatch is unexpected for the claimed purpose and suggests poor packaging or that the code was copied from a single developer's machine.
Instruction Scope
SKILL.md tells the agent/user to create palace/ in the current directory and run pip install FlagEmbedding and the build/query scripts. The code, however, reads/writes manifests, index and graph files under the absolute ROOT path and performs file operations (renaming manifest to a .backup, writing indexes, writing graph_neighbors). auto_maintain.sh also cd's into the hardcoded path and calls scripts under scripts/watchdog/, but the included files are in scripts/ (no watchog subdir). These instructions will either fail or operate on unexpected files; they also perform writes/renames on the user's filesystem (expected for an indexer but important to be explicit).
Install Mechanism
There is no formal install spec; SKILL.md suggests pip install FlagEmbedding. That is a moderate-risk dependency (unknown third-party package) but not inherently malicious. Because this is instruction-only with code files, nothing is automatically written to disk by the registry, but following the instructions will install a third-party Python package and run local scripts that modify files.
Credentials
The skill does not request environment variables or credentials. However, it expects filesystem access to a specific absolute path and will read and write files there (manifests, index, backups, graph). That filesystem access is proportional for a local memory manager, but the hardcoded path is disproportionate to the 'zero-infrastructure' claim and increases risk of accidental modification of unrelated user data if the path is adapted incorrectly.
Persistence & Privilege
The skill is not marked 'always' and does not itself install persistent agents. It contains an auto_maintain.sh that is intended to be run by a LaunchAgent daily (comment only). If a user or integrator wires this into a scheduler, it will perform recurring writes and rebuilds on the hardcoded vault. That persistent operation would increase blast radius, so treat automated scheduling cautiously.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install z1-memory-palace - 安装完成后,直接呼叫该 Skill 的名称或使用
/z1-memory-palace触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.0.0
Compound scoring (semantic 50% + recency 25% + importance 25%), metadata pre-filtering (--type/--priority), BGE-m3 index enhanced with mtime field, memory metabolism protocol, chamber accumulated knowledge system. Zero Docker, zero external services.
元数据
常见问题
Z1 Memory Palace v3.0 是什么?
File-based long-term AI memory system with BGE-M3 vector search, metadata filtering, compound scoring, graph-based neighbor expansion, and automated memory m... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 54 次。
如何安装 Z1 Memory Palace v3.0?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install z1-memory-palace」即可一键安装,无需额外配置。
Z1 Memory Palace v3.0 是免费的吗?
是的,Z1 Memory Palace v3.0 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Z1 Memory Palace v3.0 支持哪些平台?
Z1 Memory Palace v3.0 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Z1 Memory Palace v3.0?
由 z1one0415(@z1one0415)开发并维护,当前版本 v3.0.0。
推荐 Skills