memory-m3e - Semantic Memory Plugin

This skill appears to implement a memory store using an external embedding service and a local SQLite DB, but there are a few red flags to consider before installing: - Mismatch: README/SKILL.md claim "no native deps" but package.json/index.ts use better-sqlite3 (a native module). Expect native compilation or platform-specific binaries when running npm install — ensure build tools are available or avoid if you cannot build native modules. - Missing implementation: Documentation mentions autoCapture/autoRecall, but the code does not implement automatic capture of conversations. Treat those documented features as not present. - Secrets handling: The embedding API key is placed in plugin config (openclaw.json). That file will contain your API key in plaintext unless your environment secures it; point baseUrl only to a trusted embedding provider and rotate keys if needed. - Data location: Memories are stored locally at ~/.openclaw/data/memory-m3e.db by default and not encrypted. Sensitive information saved via memory_store will be persisted in that DB. - Network risk: All text passed to memory_store/memory_recall/memory_forget is sent to the configured embedding baseUrl. Verify the service is trusted and uses HTTPS (default example uses http). Recommended actions: - Ask the publisher for an upstream/homepage or source repository to validate releases and see build instructions. - If you want no native deps, request a truly pure-JS implementation or a different storage backend. Otherwise prepare to allow native builds. - Review and, if necessary, sandbox the plugin (test in isolated environment) before using with sensitive data. - Confirm where you will store the API key and consider whether storing it in openclaw.json meets your security requirements.