首页龙虾技能列表 › Awareness Memory — 技能工具

🧠 Awareness Memory — 技能工具

v0.3.4

Persistent memory across sessions — local-first, no account needed. Automatically recalls past decisions, code, and tasks before each prompt, and saves sessi...

0· 410·0 当前·0 累计
by @edwin-hao-ai (Awareness)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/12
安全扫描
VirusTotal
无害
查看报告
OpenClaw
可疑
high confidence
The skill largely does what it says (persistent memory) but its documentation contradicts its code: it reads and uploads local files, auto-starts a device-auth background poller that writes API keys into your global OpenClaw config, and overall asks for broader access than the SKILL.md claims.
评估建议
This skill is not outright malicious, but it contains surprising and risky behavior compared to its written description. Before installing or enabling it: 1) Review the code (import.js, poll-auth.js, recall.js) yourself or ask the author to explain why the skill imports local MEMORY.md/session logs and why it writes the API key into ~/.openclaw/openclaw.json instead of a private ~/.awareness/credentials file. 2) If you want to use it, prefer local-daemon mode (keep baseUrl=localhost) and avoid c...
详细分析 ▾
用途与能力
Name/description promise is a local-first persistent memory for the agent, which is plausible given the scripts. However the code goes beyond a simple local memory helper: import.js reads and batches local files (MEMORY.md, daily logs, and OpenClaw session JSONL) and sends them to the remote endpoint; poll-auth/poll-auth.js patches ~/.openclaw/openclaw.json to insert apiKey/memoryId (and also patches plugin entries). Those file- and config-level accesses are broader than a minimal memory helper and are not fully justified by the SKILL.md text.
指令范围
SKILL.md explicitly says it 'never reads, stores, or transmits file contents, environment variables, or credentials from your system beyond its own API key' and that credentials are stored in ~/.awareness/credentials.json, but the shipped scripts contradict this: import.js reads local MEMORY.md and session JSONL contents and posts them to the service; recall.js may auto-start device auth and inject a login URL; poll-auth writes auth results to ~/.awareness/device-auth-result.json and (critically) patches ~/.openclaw/openclaw.json. The instructions therefore understate what the runtime actually reads, writes and transmits.
安装机制
No install spec (instruction-only) and required binary is only node. No remote downloads or archive extraction appear in the package itself. Because code files are included, they will be executed by node hooks, but there is no elevated install mechanism or third-party package fetch in the provided files.
凭证需求
Declared requirements list no env vars, but scripts read environment variables (HOME, PWD, CLAUDE_PLUGIN_ROOT, CLAUDE_SKILL_DIR) and file system locations. The code writes credentials into global OpenClaw config (~/.openclaw/openclaw.json) and plugins.entries (making the apiKey available to other parts of the user's OpenClaw environment). It also imports session logs from ~/.openclaw/agents/main/sessions and sends their contents to the remote API. These actions are disproportionate to the minimal 'local-first, no account needed' framing and could expose other skills/plugins to the API key.
持久化与权限
The skill does not set always:true, but it spawns a detached background poller (poll-auth.js) during device auth which writes files and patches ~/.openclaw/openclaw.json and plugin entries. Modifying other skills' configuration and writing global OpenClaw config is flagged in the guidelines as a concern: the skill is granted persistent presence in the user's OpenClaw config and can make credentials available to other plugins.
scripts/headless-auth.js:63
Shell command execution detected (child_process).
scripts/recall.js:62
Shell command execution detected (child_process).
scripts/shared.js:151
Shell command execution detected (child_process).
scripts/poll-auth.js:27
Environment variable access combined with network send.
scripts/recall.js:21
Environment variable access combined with network send.
scripts/shared.js:20
Environment variable access combined with network send.
scripts/poll-auth.js:99
File read combined with network send (possible exfiltration).
scripts/recall.js:27
File read combined with network send (possible exfiltration).
scripts/shared.js:45
File read combined with network send (possible exfiltration).
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

🖥️ OSmacOS · Linux · Windows

版本

latestv0.3.42026/3/23

Fix F-035 headless auth gap (recall.js + poll-auth.js), F-036 shared scripts SSOT headers

● 无害

安装命令 点击复制

官方npx clawhub@latest install awareness-memory
镜像加速npx clawhub@latest install awareness-memory --registry https://cn.clawhub-mirror.com

技能文档

You have access to persistent cloud memory. Memory persists across sessions, devices, and projects.

Privacy & Data

This skill communicates with an external API to provide memory functionality:

  • Before each prompt: Your prompt text is sent to the configured Awareness API endpoint (default: awareness.market) to retrieve relevant past context via semantic search.
  • After each response: A brief session checkpoint (tool name, no full conversation) is sent to record activity.
  • Credentials: API key and memory ID are stored in ~/.awareness/credentials.json (file permissions 0600). The setup script can optionally write environment variables to your shell profile.
  • Local mode: If you run a local daemon (localhost:37800), all data stays on your machine — nothing is sent externally.
  • No secrets captured: The skill never reads, stores, or transmits file contents, environment variables, or credentials from your system beyond its own API key.

You can review the scripts in this skill folder before use. Source code: https://github.com/edwin-hao-ai/Awareness-SDK

Automatic Hooks (no action needed)

Hooks run automatically — you don't need to do anything:

  • Before each prompt: Past context is injected as XML
  • After each response: A checkpoint is saved to memory

Manual Tools

When you need more control beyond automatic hooks, use these Bash commands. All scripts are at ${CLAUDE_SKILL_DIR}/scripts/.

1. Initialize Session

Load cross-session context (summaries, tasks, knowledge cards):

node ${CLAUDE_SKILL_DIR}/scripts/init.js [days=7] [max_cards=20] [max_tasks=20]

Call this ONCE at session start if the auto-recall didn't provide enough context.

2. Search Memory (awareness_recall)

Semantic + keyword hybrid search for past decisions, solutions, and knowledge:

# Basic search
node ${CLAUDE_SKILL_DIR}/scripts/search.js "how was auth implemented?"
# With keyword boost
node ${CLAUDE_SKILL_DIR}/scripts/search.js "auth implementation" keyword_query="JWT HKDF"
# Advanced options
node ${CLAUDE_SKILL_DIR}/scripts/search.js "deployment issues" \
  scope=timeline limit=10 recall_mode=session \
  multi_level=true cluster_expand=true
# Progressive disclosure: get summaries first, then expand specific items
node ${CLAUDE_SKILL_DIR}/scripts/search.js "auth" detail=summary
node ${CLAUDE_SKILL_DIR}/scripts/search.js "auth" detail=full ids=id1,id2

Parameters:

  • keyword_query — 2-5 precise terms (file names, function names, error codes)
  • scope — all (default), timeline, knowledge, insights
  • limit — max results (default 6, max 30)
  • recall_mode — hybrid (default), precise, session, structured, auto
  • vector_weight — weight for semantic search (default 0.7)
  • bm25_weight — weight for keyword search (default 0.3)
  • multi_level — broader context across sessions
  • cluster_expand — topic-based context expansion
  • detail — summary (lightweight) or full (complete content)
  • ids — expand specific items from a prior summary call
  • user_id — filter by user

Call BEFORE starting work to avoid re-solving solved problems.

3. Record to Memory (awareness_record)

Save decisions, implementations, and learnings:

# Single event — ALWAYS include reasoning, not just what but WHY
node ${CLAUDE_SKILL_DIR}/scripts/record.js "Implemented JWT auth with HKDF key derivation because NextAuth v5 uses JWE A256CBC-HS512. Files changed: jwt_verify.py, auth.ts"
# Batch recording
echo '{"steps":["Step 1: analyzed auth flow","Step 2: implemented JWT verify","Step 3: added tests"]}' | node ${CLAUDE_SKILL_DIR}/scripts/record.js --batch
# With structured insights (knowledge cards, tasks, risks)
echo '{"content":"Auth refactor complete","insights":{"knowledge_cards":[{"title":"JWT Auth","category":"architecture","summary":"HKDF derivation for NextAuth v5"}],"action_items":[{"title":"Add rate limiting","priority":"high"}]}}' | node ${CLAUDE_SKILL_DIR}/scripts/record.js --with-insights
# Update task status
node ${CLAUDE_SKILL_DIR}/scripts/record.js --update-task task_id=abc123 status=completed

Call AFTER every meaningful action. If you don't record it, it's lost.

4. Lookup Structured Data (awareness_lookup)

Fast DB queries without vector search (<50ms):

# Open tasks
node ${CLAUDE_SKILL_DIR}/scripts/lookup.js type=tasks status=pending priority=high
# Knowledge cards
node ${CLAUDE_SKILL_DIR}/scripts/lookup.js type=knowledge query=auth category=architecture
# Risks
node ${CLAUDE_SKILL_DIR}/scripts/lookup.js type=risks level=high
# Timeline
node ${CLAUDE_SKILL_DIR}/scripts/lookup.js type=timeline limit=20
# Session history
node ${CLAUDE_SKILL_DIR}/scripts/lookup.js type=session_history session_id=xxx
# Handoff context (for agent transitions)
node ${CLAUDE_SKILL_DIR}/scripts/lookup.js type=handoff
# Project rules
node ${CLAUDE_SKILL_DIR}/scripts/lookup.js type=rules format=markdown
# Knowledge graph
node ${CLAUDE_SKILL_DIR}/scripts/lookup.js type=graph search=auth
node ${CLAUDE_SKILL_DIR}/scripts/lookup.js type=graph entity_id=xxx max_hops=2
# List agent roles
node ${CLAUDE_SKILL_DIR}/scripts/lookup.js type=agents

Use lookup instead of search when you know WHAT you want (type-based, not semantic).

5. Get Agent Prompt (sub-agent spawning)

Fetch the activation prompt for a specific agent role:

node ${CLAUDE_SKILL_DIR}/scripts/agent-prompt.js role=developer_agent

Use the returned prompt as the sub-agent's system prompt for memory isolation.

Workflow Checklist

Follow this workflow every session:

  • Session start: Auto-recall hook loads context. If insufficient, run init.js manually.
  • Before work: Search memory for relevant past context with search.js.
  • After each change: Record what you did and WHY with record.js.
  • Handle insights: When you make decisions or identify risks, use --with-insights to create searchable knowledge cards.
  • Session end: Auto-capture hook saves a checkpoint.

Setup

One-click setup (recommended)

Run this command — it opens your browser, you sign in, and everything is configured automatically:

node ${CLAUDE_SKILL_DIR}/scripts/setup.js

The setup script will:

  • Open your browser to sign in / register
  • You click "Authorize" — that's it
  • Auto-create or select a memory
  • Write AWARENESS_API_KEY and AWARENESS_MEMORY_ID to your shell profile

Other setup commands: 

node ${CLAUDE_SKILL_DIR}/scripts/setup.js --status   # Check current config
node ${CLAUDE_SKILL_DIR}/scripts/setup.js --logout    # Clear credentials

Manual setup (alternative)

Set environment variables directly:

export AWARENESS_API_KEY="aw_your-key"
export AWARENESS_MEMORY_ID="your-memory-uuid"

Local mode (privacy-first, no account needed)

export AWARENESS_LOCAL_URL="http://localhost:37800"

Not configured?

If the auto-recall hook outputs nothing (no block appears), the skill is not configured. Run the setup script above or tell the user to run it.

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务