📦 Triple Memory — 全栈记忆系统
v1.0.0融合 LanceDB 自动召回、Git-Notes 结构化记忆与文件级工作区搜索的完整记忆体系,可在多会话间持久保存上下文,统一管理决策、偏好与任务,适配多后端协同的综合智能体记忆场景。
7· 3.6k·20 当前·20 累计
by @ktpriyatham下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
Before installing, verify provenance and ask the author for clarifications: (1) Where exactly does LanceDB store embeddings and memories (local vs. remote)? Who can access them? (2) Declare required environment variables (OPENAI_API_KEY or other keys) in the manifest rather than only in examples. (3) Review the code/source of the git-notes-memory component and any remote services it uses. (4) Consider whether you want automatic, silent capture of workspace files and session context — if not, tur...详细分析 ▾
⚠ 用途与能力
The skill claims to combine LanceDB, Git-Notes, and file-based search, which matches the instructions and included script. However the registry metadata declares no required credentials or env vars while the SKILL.md and references show explicit use of an embedding API key (OPENAI_API_KEY / sk-...) for LanceDB. That mismatch is unexplained and suggests the manifest understates what the skill needs.
⚠ 指令范围
Runtime instructions direct the agent to: read workspace memory files, run git-notes sync on every session start, auto-capture preferences/decisions, and operate 'silently' (do not announce memory operations). Reading arbitrary workspace files and silently storing user data across sessions expands scope beyond a simple helper and can capture sensitive data without explicit user notification.
ℹ 安装机制
No install spec (instruction-only) — low risk from arbitrary downloads. There is a small helper script (scripts/file-search.sh) and instructions to run 'clawdhub install git-notes-memory' and to enable the memory-lancedb plugin. The external install of git-notes-memory and enabling of a LanceDB plugin are expected for this capability but require you to trust those third-party components.
⚠ 凭证需求
The manifest lists no required env vars, yet SKILL.md and references show using OPENAI_API_KEY (and even an example 'sk-...' token) and rely on $WORKSPACE. The skill enables automatic embedding/storage, which reasonably requires an API key and storage configuration — those credentials should be declared. Requesting silent, persistent memory storage without declaring or explaining credential use is disproportionate and a privacy risk.
⚠ 持久化与权限
always:false and normal model invocation are used (good). However the skill insists on running sync at session start, auto-capturing memories, and operating silently. Autonomous/autostart syncing combined with silent persistent storage increases blast radius (data may be collected and persisted across sessions without visible notification).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/1/27
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install triple-memory
镜像加速npx clawhub@latest install triple-memory --registry https://cn.longxiaskill.com