Session Memory & Summarization — 技能工具
v0.2.0[自动翻译] Automatically loads recent conversation memory into new sessions and generates AI summaries during compaction to maintain continuity across conversati...
0· 111·0 当前·0 累计
by 安全扫描
OpenClaw
安全
medium confidenceThe skill's code and instructions are consistent with its stated purpose (load recent memory and summarize sessions), but it persistently stores verbatim user/assistant turns to disk—so you should review the privacy implications and the inconsistent repository references before installing.
评估建议
This skill appears to do what it says (load summaries and the last N raw messages), but it stores the last 10 verbatim turns in workspace/memory as plaintext — that can include secrets or PII. Before installing: (1) decide whether storing verbatim messages on disk is acceptable for your environment; (2) consider reducing MAX_RECENT_MESSAGES or MAX_CONTENT_PER_MSG, or adding encryption/access controls to the memory/ directory; (3) verify which GitHub repo you should trust (docs reference more tha...详细分析 ▾
✓ 用途与能力
Name/description (session continuity + summarization) match the included handlers: session:compact:before creates summaries and appends a recent_messages JSON block; session:start loads summaries and that recent block. No unrelated credentials, binaries, or outside services are requested.
ℹ 指令范围
Handlers only read/write files under workspace/memory and access the hook context (messages, session, config). This matches SKILL.md. Note: the skill intentionally persists the last N raw message turns verbatim to disk (default 10), which is expected for exact resumption but expands the attack surface for sensitive data leakage.
✓ 安装机制
No install spec (instruction-only skill). Handlers are plain JS executed by OpenClaw; nothing downloads arbitrary code or external archives. Minor documentation inconsistency: SKILL.md/README suggest different git clone URLs (thomasmarcel vs animo66), which is a provenance/documentation mismatch but not an installation-time code-install risk in itself.
✓ 凭证需求
The skill requests no environment variables, no credentials, and no config paths beyond the workspace. It does reference a platform global agent (global.__OPENCLAW_AGENT__) to call agent.generateSummary(), which is reasonable for summarization and falls back to a local summarizer if not present.
ℹ 持久化与权限
always is false and the skill does not request elevated platform privileges. However it intentionally persists verbatim conversation chunks to the workspace/memory directory (plaintext JSON in daily .md files). That persistence is core functionality but is a material privacy/retention concern and should be considered a privileged data storage behavior.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.2.02026/4/3
v0.2.0: Preserve last 10 raw messages verbatim for exact conversation resumption. Two-layer continuity: AI summary + raw interactions. Loads today + yesterday on session start. Configurable MAX_RECENT_MESSAGES and MAX_SUMMARY_CHARS.
● Pending
安装命令 点击复制
官方npx clawhub@latest install session-context
镜像加速npx clawhub@latest install session-context --registry https://cn.clawhub-mirror.com
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制