ClawHub

Agent Memory Store

v1.2.0

Shared semantic memory store for AI agents. Store, search, and retrieve memories across agents with TTL decay. SQLite persistence — survives restarts.

0· 1.9k·19 current·19 all-time
byOleksii Kaganovsky@kgnvsk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements a cross-agent memory store with TTL and SQLite persistence, matching the name/description. However the implementation optionally calls OpenAI embeddings (text-embedding-3-small) via the OPENAI_API_KEY environment variable while the skill metadata declared no required env vars — this is an inconsistency that affects privacy/costs but not the core purpose.
!
Instruction Scope
SKILL.md instructs running python3 scripts/memory_store.py which launches an HTTP service and provides curl examples. The server listens on 0.0.0.0:8768 and exposes endpoints to create, search, list, and delete memories with no authentication or access controls. That means any process that can reach that socket can read/write stored memories (including potentially sensitive content). The SKILL.md does not warn about authentication, network exposure, or data sensitivity.
Install Mechanism
No install spec (instruction-only) and a single Python script are provided. There is no external download or package install; risk from installation mechanism is low. Running the script will create directories and the SQLite DB file in the agent workspace.
!
Credentials
The skill metadata lists no required environment variables, but the code reads OPENAI_API_KEY to enable embedding lookups and makes outbound calls to api.openai.com. This is a mismatch: the OPENAI_API_KEY is optional in code but absent from the declared requirements. If provided, the key will be used (incurring network calls, costs, and potential exposure of memory content to OpenAI).
Persistence & Privilege
The skill is not marked always:true and doesn't request elevated platform privileges. It creates and writes a DB at /root/.openclaw/workspace/data/agent_memory.db (within the agent workspace) which persists across restarts. The server binds to 0.0.0.0 (network-exposed) which increases blast radius even though it does not change other skills' configs.
What to consider before installing
What to consider before installing: - The skill will run an HTTP server on port 8768 bound to 0.0.0.0 with no authentication. Anyone who can reach that port can read, add, or delete memories. Restrict network access (firewall, host-only binding) or add auth if you plan to run it. - The code will create and write a SQLite DB at /root/.openclaw/workspace/data/agent_memory.db. That file will persist between restarts; treat it as containing potentially sensitive data and secure backups/permissions accordingly. - If you set OPENAI_API_KEY (not declared in metadata), the service will call OpenAI's embeddings API and send memory text to api.openai.com (privacy, cost, and data-exfil risks). Only provide the key if you understand these implications. - Recommended mitigations: run in an isolated environment, bind the server to localhost or use a reverse proxy with authentication, inspect or modify the code to add authentication/rate-limiting, and avoid storing PII or secrets as memories. If you need embedding disabled, start the service without OPENAI_API_KEY to use the fallback Jaccard search. - Summary judgement: functionally coherent with its stated purpose, but the undeclared use of an external API key and the unauthenticated, network-exposed server are security-relevant mismatches — review and harden before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97812yd1kydw4ksfbsms1bwn581nzp3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments