🧠 Chaos Mind — Hybrid Memory Search

v0.1.3

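A hybrid-search memory system built for AI agents. It supports manual retrieval and storage; auto-capture must be explicitly enabled, and data sovereignty stays entirely in the user's hands.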

Last updated: 2026/4/19
Security scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Assessment recommendations
What to check before installing:
- Do NOT run remote installers blindly. Avoid piping install scripts (curl | bash) unless you have reviewed the script. Prefer cloning the repo and inspecting install.sh first.
- Review install.sh: the script downloads GitHub release tarballs and extracts them to ~/.chaos/bin but does not verify checksums or signatures. If you want stronger assurance, build from source or verify release checksums from the project release page before installing.
- Auto-capture is ...
Detailed analysis
Purpose and capabilities
The name/description (local hybrid memory, opt‑in auto‑capture) aligns with the code and config: it installs local binaries, a Dolt DB, and an optional consolidator that reads configured files. However some documentation (DEPLOYMENT_CHECKLIST, INSTALL_NOTES, README) lists default auto-capture glob patterns that target OpenClaw/agent session files; the shipped consolidator.template.yaml has sources empty by default. This mismatch could cause confusion: the ability to read agent session transcripts is coherent with the skill, but the presence of example default patterns in other docs increases privacy risk if a user enables auto-capture without reviewing config.
Instruction scope
SKILL.md and other docs repeatedly instruct users to edit ~/.chaos/config/consolidator.yaml and to enable auto_capture only after configuring paths; that keeps scope narrow. But other files (DEPLOYMENT_CHECKLIST, INSTALL_NOTES, some release docs) present default example globs that reference other agents' session directories (e.g., ~/.openclaw-*/agents/*/sessions/*.jsonl). If a user enables auto-capture and reuses these examples, the consolidator will read potentially sensitive session transcripts. Also the README/INSTALL_NOTES explicitly suggest 'curl ... | bash' as an install path (remote execution) while SECURITY.md claims 'No Automatic Remote Script Execution' — that contradiction widens runtime scope and is a red flag.
Installation mechanism
The installer downloads pre-built tarballs from GitHub Releases (reasonable host) and falls back to building from source (git + go). Downloading from GitHub releases is acceptable, but the install.sh does not perform checksum or signature verification despite SECURITY.md claiming signed/reproducible releases and checksums are provided. Moreover, README/INSTALL_NOTES recommend curl | bash for quick install — a practice that can execute remote code without verification. The fetch+extract behavior (tar -xzf into ~/.chaos/bin) is extract=true in effect and should be paired with verification; it isn't.
Credential requirements
The skill requests no credentials or special env vars; required system dependencies (Dolt, optionally Ollama) are proportional to a local DB + local LLM extraction workflow. That said, the consolidator's purpose is to read local session files; while opt‑in and configured via lists, those sources can contain highly sensitive data. No cloud keys are requested, which is good, but the risk is accidental data access if users copy example globs without understanding them.
Persistence and privileges
The skill does not force always:true; however it ships a systemd service template and a setup script that installs a persistent consolidator service (requires sudo to copy to /etc/systemd). Running that service gives long‑running background access to any paths configured in the consolidator config. This persistence is consistent with the tool's purpose but increases blast radius if misconfigured. The installer does not auto-enable the service by default (user must run setup-service.sh / systemctl enable), which is appropriate.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest: v0.1.3 (2026/2/6)

Suspicious

Install command

Official: npx clawhub@latest install chaos-mind
Mirror (accelerated): npx clawhub@latest install chaos-mind --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库