ClawHub

Engram

v0.2.0

Persistent semantic memory for AI agents — local, fast, free. Use when agent needs to recall past decisions, store new facts/preferences, search conversation history, or maintain context across sessions.

1· 1.9k·6 current·6 all-time
by@dannydvm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (local persistent semantic memory) match the declared binary 'engram' and the npm package 'engram-memory' that provides that CLI. Required binaries and declared install step are coherent with the skill's stated purpose.
Instruction Scope
SKILL.md contains only CLI usage for search/add/ingest/relate/export/import and references local files (e.g., export/import) and stdin ingestion — all expected for a local memory CLI. It does not instruct reading unrelated system files or requiring unrelated env vars.
Install Mechanism
Install uses a public npm package (engram-memory) which is a typical distribution method for a CLI. This is proportionate, but npm packages can execute arbitrary install scripts and the installed binary can perform network I/O; the skill claims 'No cloud' but that cannot be verified without inspecting the package.
Credentials
No environment variables, credentials, or config paths are requested. That is consistent with the 'local, no API keys' claim. Because no secrets are requested, there is no immediate credential overreach.
Persistence & Privilege
always:false and normal autonomous invocation are used. The skill does not request system-wide config changes or other skills' credentials. It will read/write local files (backup.json etc.) as expected for a local memory tool.
Assessment
This skill appears internally consistent for a local CLI-based memory tool, but take these precautions before installing: 1) Inspect the npm package (engram-memory) on the npm registry or its repository — check package.json for postinstall scripts and examine the binary's source if available. 2) Prefer installing in a sandbox/container or with restricted permissions to confirm it behaves offline if you require 'no cloud' guarantees. 3) Be aware that export/import commands create/read local files (backup.json) — avoid exporting sensitive data to unsecured locations. 4) Run npm audit / malware scans and verify the package author and recent activity. If you cannot review the package source, treat the install as higher risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk972gtpx5kghyg088pq6t62qq180kayg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binsengram

Install

Install Engram (npm)
Bins: engram
npm i -g engram-memory

Comments