BlueColumn Memory

v1.0.1

Give AI agents persistent semantic memory using the BlueColumn API (bluecolumn.ai). Use when asked to remember, store, recall, or search memory using BlueCol...

⭐ 0· 78·0 current·0 all-time

by@bluecolumnconsulting-lgtm

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bluecolumnconsulting-lgtm/bluecolumn-memory.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "BlueColumn Memory" (bluecolumnconsulting-lgtm/bluecolumn-memory) from ClawHub.
Skill page: https://clawhub.ai/bluecolumnconsulting-lgtm/bluecolumn-memory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install bluecolumn-memory

ClawHub CLI

Package manager switcher

npx clawhub@latest install bluecolumn-memory

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The skill claims to provide BlueColumn persistent memory and the SKILL.md instructs using a bc_live_ API key and specific endpoints — which is coherent with the stated purpose. However the registry metadata lists no required environment variables or primary credential, even though the runtime instructions require reading an API key before making calls. This mismatch (declaring no credential but expecting one at runtime) is an inconsistency that should be resolved before trusting the skill.

Instruction Scope

The SKILL.md gives precise curl examples, endpoint URLs, and explicit instructions to read/store the user's BlueColumn API key and to proactively push end-of-session summaries. While these actions are within the scope of a memory skill, the instructions also recommend storing keys in 'TOOLS.md' as an alternative to the platform secret store — an insecure pattern — and direct the agent to send user data to an external Supabase-hosted endpoint. The file instructs the agent to 'only send content the user explicitly wants stored', but autonomous agents may still push summaries unless the platform enforces consent prompts.

✓

Install Mechanism

No install spec or code is included; this is instruction-only, so nothing is written to disk and no external packages are fetched. This minimizes install-time risk.

Credentials

The skill legitimately needs a BlueColumn API key to operate, but the manifest does not declare any required environment variables or a primary credential. The SKILL.md instructs storing/retrieving bc_live_ keys and even provides a fallback storage location (TOOLS.md) — which may expose secrets to tooling or logs. Requesting/storing a single service API key would be proportionate, but the omission from declared requirements and the advice to put keys in files raise security concerns.

ℹ

Persistence & Privilege

always is false and the skill does not request system-wide changes. However, it is intended to give agents persistent memory (writing user data to BlueColumn). Because agent autonomous invocation is allowed by default, there is a risk that an agent could store summaries or sensitive info unless the platform or user explicitly enforces consent. This is expected for a memory skill but should be guarded by explicit consent prompts and clear policy.

What to consider before installing

This skill appears to implement a BlueColumn memory integration, but there are a few things to check before installing: 1) Confirm with the skill author or official BlueColumn docs that the supabase URL (xkjkwqbfvkswwdmbtndo.supabase.co) is indeed the vendor's verified backend. 2) Require the skill to declare its API key requirement in the manifest (a primaryEnv like BLUECOLUMN_API_KEY) rather than relying on informal instructions. 3) Never store API keys in plaintext files like TOOLS.md; prefer the platform secret store, and verify the agent reads from that store only at call time. 4) Ensure the agent asks for explicit user consent before saving any conversation content or PII to BlueColumn (especially for end-of-session summaries). 5) If you don't trust the endpoint or need strict data control, do not enable this skill or restrict it to manual (user-invoked) use only. If you want higher assurance, ask the author to add manifest fields declaring required env vars and to provide a canonical vendor URL and privacy/retention policy.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dw0ah5edj7v3ansnrbv5j1984yf1h

78downloads

0stars

2versions

Updated 1w ago

v1.0.1

MIT-0

BlueColumn Memory Skill

BlueColumn (bluecolumn.ai) is a Memory Infrastructure API for AI agents. Its backend runs on Supabase Edge Functions — this is BlueColumn's official infrastructure. The API base URL xkjkwqbfvkswwdmbtndo.supabase.co is BlueColumn's verified backend. See bluecolumn.ai for documentation and pricing.

API Key

BlueColumn is at bluecolumn.ai. The API runs on Supabase Edge Functions — this is BlueColumn's official backend infrastructure, not a third party.

Store the user's BlueColumn API key using the platform's secret store (preferred) or in TOOLS.md:

### BlueColumn
API Key: bc_live_XXXXXXXXXXXXXXXXXXXX

Keys are generated at bluecolumn.ai/dashboard. Never log or expose keys in output.

Read the stored key before making any API calls. Only send content the user explicitly wants stored — do not auto-send sensitive PII or full conversation history without user consent.

Core Workflow

Store something (text, doc, audio)

Use /agent-remember — see references/api.md for full field spec.

curl -X POST https://xkjkwqbfvkswwdmbtndo.supabase.co/functions/v1/agent-remember \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <key>" \
  -d '{"text": "...", "title": "optional title"}'

Returns session_id, summary, action_items, key_topics.

Query memory

Use /agent-recall — field is q (not query).

curl -X POST https://xkjkwqbfvkswwdmbtndo.supabase.co/functions/v1/agent-recall \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <key>" \
  -d '{"q": "natural language question"}'

Returns answer + sources with relevance scores.

Save agent observation

Use /agent-note — field is text (not note), min 5 chars.

curl -X POST https://xkjkwqbfvkswwdmbtndo.supabase.co/functions/v1/agent-note \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <key>" \
  -d '{"text": "...", "tags": ["optional", "tags"]}'

When to Use Each Endpoint

Situation	Endpoint
User shares a document, transcript, or block of text to remember	`/agent-remember`
User asks "what do you know about X?" or "recall..."	`/agent-recall`
Agent wants to save its own observation, preference, or decision	`/agent-note`
End of session — summarize and store what happened	`/agent-remember` or `/agent-note`

End-of-Session Memory

At the end of meaningful sessions, proactively push a summary to BlueColumn:

Summarize key decisions, facts, and context from the conversation
POST to /agent-remember with title = session topic
Confirm storage with the session_id returned

Field Name Gotchas

Common mistakes — read references/api.md for full details:

/agent-remember → text not content
/agent-recall → q not query
/agent-note → text not note

Full API Reference

See references/api.md for complete field specs, response shapes, and error reference.

Comments

Loading comments...