LanceDB Hybrid Search Memory Plugin
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Once enabled, OpenClaw will use this replacement memory implementation instead of the bundled LanceDB memory plugin.
The plugin intentionally replaces the built-in memory provider once the user adds it to plugin load paths. This is disclosed and purpose-aligned, but it affects core agent memory tools.
This plugin keeps the id `memory-lancedb`, so it will **override** the bundled `memory-lancedb` extension when discovered via `plugins.load.paths`
Enable it only if you intend to replace the built-in memory plugin, and remove the configured plugin load path to revert.
Your embedding provider key will be available to the plugin for generating memory embeddings.
The plugin requires a sensitive embedding provider API key. This is expected for OpenAI-compatible embeddings and is marked sensitive in the plugin manifest.
"embedding.apiKey": { "label": "OpenAI API Key", "sensitive": true, "placeholder": "sk-proj-..." }Use an environment variable or a scoped key where possible, and only configure trusted embedding providers or base URLs.
Installing the plugin may download and run code from npm packages used by LanceDB and OpenAI client libraries.
The user-directed setup installs npm dependencies for the plugin. This is normal for the plugin’s purpose, but it introduces a standard third-party dependency supply-chain surface.
cd ~/.openclaw/workspace/skills/memory-lancedb-hybrid/plugin npm install --omit=dev
Install from a trusted source, prefer lockfile-respecting installs such as npm ci when practical, and review dependency changes before updating.
Conversation facts or preferences may be stored locally and reused in later sessions, which can influence future responses.
The plugin can persist information from conversations and later inject recalled memories into the agent context. This is the intended memory feature, but it affects future agent behavior and retained data.
"autoCapture": { "help": "Automatically capture important information from conversations" },
"autoRecall": { "help": "Automatically inject relevant memories into context" }Enable auto-capture and auto-recall only if you want persistent memory, periodically review or forget stored memories, and protect the configured database path.