📦 Neolata Memory Engine — 智能体记忆引擎
v0.8.5为AI智能体打造的图原生记忆引擎,融合向量+关键词混合搜索、生物衰减、Zettelkasten链接与信任门控冲突解决,提供可解释的长期记忆能力。
0· 614·1 当前·1 累计
by 下载技能包
最后更新
2026/2/26
安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill is instruction-only and describes a Node.js memory library; it appears coherent, but follow these steps before installing or enabling remote features:
- Inspect the upstream package/repo before npm install: run `npm view ... scripts` / `npm view ... dependencies` and `npm pack --dry-run`, and review the repository source referenced in SKILL.md. The SKILL.md and registry metadata show small mismatches (version and homepage) — confirm you're installing the intended release.
- Start in ...详细分析 ▾
ℹ 用途与能力
The skill's name/description (graph-native memory engine) matches the SKILL.md and reference docs: methods, storage backends, embedding/LLM integration, and runtime helpers are all memory-related. Minor metadata inconsistencies exist: SKILL.md frontmatter lists version 0.8.4 while the registry shows 0.8.5, and registry metadata lists no homepage/source while SKILL.md points to a GitHub repo. These are administrative mismatches but do not change the stated purpose.
ℹ 指令范围
Instructions are focused on memory operations (store/search/context/decay/etc.). They explicitly document when data is sent off-host (embeddings, LLM extraction, Supabase storage, webhook writethrough) and provide safety guidance (SSRF guards, use memory mode, prefer anon keys + RLS). Runtime helpers (heartbeatStore, preCompactionDump) do instruct the host to extract key moments from conversation text — expected for a memory engine but worth noting since they cause the agent to collect conversation content.
✓ 安装机制
No install spec is included in the skill bundle (instruction-only), so nothing is written/executed by the platform. The SKILL.md recommends an npm package (@jeremiaheth/neolata-mem) hosted on GitHub; installing that package is a user action outside this skill. The author recommends verifying the tarball and notes zero runtime deps, which is prudent. Because the skill does not itself download/run code, install risk is low, but installing the referenced npm package carries the usual supply-chain risk and should be audited.
ℹ 凭证需求
The registry lists no required env vars; SKILL.md documents optional envs (OPENAI_API_KEY, OPENCLAW_GATEWAY_TOKEN, NVIDIA_API_KEY, AZURE_API_KEY, SUPABASE_URL, SUPABASE_KEY) and states that only OPENAI_API_KEY and OPENCLAW_GATEWAY_TOKEN are read directly by code by default. These optional credentials align with the described features (embeddings, LLM gateway, Supabase). The presence of supabase keys and webhook URLs is an explicit exfiltration/privilege surface if configured — the docs themselves warn about preferring anon keys with RLS and not using service keys in clients.
✓ 持久化与权限
always:false and no install scripts in this bundle. The skill does not request persistent platform privileges. It documents local JSON storage by default and an in-memory test mode; persistent or networked storage only occurs if you explicitly configure Supabase, embeddings, LLMs, or webhooks. Autonomous invocation is allowed by default (platform normal) but the skill does not request elevated or always-on privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.8.52026/2/24
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install neolata-mem
镜像加速npx clawhub@latest install neolata-mem --registry https://cn.longxiaskill.com