📦 Tinmem Memory System — 持久记忆
v1.0.0为 OpenClaw AI 提供跨对话的持久记忆管理,可存取、更新、删除用户相关信息,实现上下文连续对话。
0· 425·1 当前·1 累计
by @tincomking下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
Before installing or enabling this skill, ask the developer or registry operator to clarify: (1) Where exactly are memories stored (filesystem path)? Who can access that storage? (2) Is data encrypted at rest and in transit? (3) How is 'automatic extraction after each turn' scoped—what data is captured and under what rules? (4) How does memory_forget guarantee deletion (and is deletion propagated to backups)? (5) Are there retention and consent controls? (6) Who operates the LanceDB instance and...详细分析 ▾
ℹ 用途与能力
Name and description (persistent memory) align with the SKILL.md tools (store, recall, update, forget). However, the SKILL.md explicitly states memories persist in a local LanceDB database while the skill provides no install steps, no config paths, and no detail about where that database lives—an implementation detail mismatch that should be clarified.
⚠ 指令范围
Instructions direct the agent to automatically inject memories into context before each response and automatically extract new memories after each conversation turn. That implies continual collection and reuse of potentially sensitive user data across sessions and responses, which is broader than many users expect and isn't constrained by retention, consent, or filtering rules in the doc.
ℹ 安装机制
No install spec or code is provided (instruction-only). That reduces immediate disk risk, but the README claims use of a local LanceDB database (which would require filesystem access and some runtime components). The lack of install/runtime details is an inconsistency to resolve.
⚠ 凭证需求
The skill requests no environment variables or credentials, yet its behavior involves persistent local storage and automatic data extraction/injection. There is no mention of config paths, encryption, access control, retention policy, or how deletion (forget) is enforced—so the privacy/credential model is underspecified and disproportionately open.
⚠ 持久化与权限
The skill does not set always:true, but it instructs the agent to persist data across sessions and to automatically inject memories into context on every response. That grants the agent broad persistence and data reuse capability; without clear limits or user consent controls, this is a meaningful privilege and privacy risk.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/27
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install tinmem
镜像加速npx clawhub@latest install tinmem --registry https://cn.longxiaskill.com镜像同步中