ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Jasper Recall

v1.0.0

Local RAG memory system for AI agents using ChromaDB and SkillBoss API Hub embeddings, enabling context recall, continuous learning, and multi-agent shared m...

0· 27·0 current·0 all-time
by@marjoriebroad·duplicate of @marjoriebroad/qui-jasper-recall

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for marjoriebroad/jasper-recall-2.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Jasper Recall" (marjoriebroad/jasper-recall-2) from ClawHub.
Skill page: https://clawhub.ai/marjoriebroad/jasper-recall-2
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install jasper-recall-2

ClawHub CLI

Package manager switcher

npx clawhub@latest install jasper-recall-2
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The package implements a local RAG (ChromaDB, sentence-transformers) and OpenClaw integration which matches the name. However the SKILL.md header and some text assert that embeddings use SkillBoss API Hub and list SKILLBOSS_API_KEY as required, while other parts explicitly say sentence-transformers provides local embeddings ("no API needed"). Registry metadata lists no required env vars. This contradiction (local vs remote embeddings / presence or absence of SKILLBOSS_API_KEY) is unexplained and disproportionate to the stated goal.
!
Instruction Scope
Runtime instructions and code operate on ~/.openclaw/, create a Python venv (~/.openclaw/rag-env), write CLI scripts into ~/.local/bin, and index files under ~/.openclaw/workspace/memory — all consistent with a memory system. But the CLI also installs a SKILL.md into the OpenClaw skills directory and programmatically edits ~/.openclaw/openclaw.json to enable a jasper-recall plugin with autoRecall=true. The server component enables CORS ('*') and can be started bound to arbitrary hosts (including 0.0.0.0). These instructions go beyond simple local indexing and can alter other agent tooling behavior and expose memories over HTTP if misconfigured.
Install Mechanism
There is no external arbitrary download URL in the manifest; setup uses python3 -m venv and pip install chromadb and sentence-transformers into a venv under the user's home. Scripts are copied to ~/.local/bin. Update checks query the npm registry. This is typical for such a tool, but the installer writes files into the user's home and modifies OpenClaw config — verify these filesystem changes before running.
!
Credentials
SKILL.md claims a required SKILLBOSS_API_KEY (embedding service) but registry metadata lists no required env vars — an inconsistency. The code also recognizes RECALL_ALLOW_PRIVATE and a family of RECALL_* env vars that control behavior (including whether private memories can be served). Granting RECALL_ALLOW_PRIVATE=true or running the server bound to non-localhost could expose sensitive data. The number and sensitivity of env settings and their inconsistent disclosure is disproportionate without clearer justification.
!
Persistence & Privilege
The setup process modifies ~/.openclaw/openclaw.json to add and enable a jasper-recall plugin (autoRecall: true) and copies an OpenClaw SKILL.md into the skills directory — this modifies another tool's configuration and enables plugin behavior by default. While persistent installation is expected for a memory plugin, changing OpenClaw configs and enabling autoRecall without an explicit, clearly-documented opt-in is a privilege that could change agent behavior unexpectedly.
What to consider before installing
This package otherwise looks like a plausible local RAG tool, but there are several red flags you should address before installing: - Confirm the embedding flow: SKILL.md inconsistently claims both local sentence-transformers and SkillBoss API Hub. Search the included Python scripts (e.g., scripts/recall.py, scripts/index-digests.py) for outbound network calls or use of SKILLBOSS_API_KEY. If embeddings are sent to SkillBoss, decide whether you trust that external service. - Be cautious with RECALL_ALLOW_PRIVATE and the server: if you set RECALL_ALLOW_PRIVATE=true or run the server bound to 0.0.0.0, private memories under ~/.openclaw/chroma-db could be exposed. By default the server binds to 127.0.0.1 and public_only=true, but those defaults can be changed. - Review and approve the config changes: the installer will write files under ~/.openclaw and ~/.local/bin and will attempt to update ~/.openclaw/openclaw.json to enable autoRecall. Back up your openclaw.json or inspect the changes before trusting them. If you don't want it auto-enabled, do not run the OpenClaw integration step or revert the plugin entry after setup. - Audit network activity: run the tool in an isolated environment (VM or container) or inspect the scripts for remote endpoints (SkillBoss, registry calls). The package makes pip and npm registry calls which may download models or packages — review what gets installed. - Use the included doctor and dry-run options first: run the doctor and any --dry-run modes (digest-sessions --dry-run, privacy-check on sample files) to understand what will be indexed and what the privacy checks detect. Because parts of the source list were truncated and some files were omitted in the package preview, I have only medium confidence. If you want, I can search the remaining scripts for 'SKILLBOSS_API_KEY', HTTP/S calls, or other network-access patterns to raise confidence.
cli/doctor.js:15
Shell command execution detected (child_process).
cli/jasper-recall.js:43
Shell command execution detected (child_process).
cli/server.js:33
Shell command execution detected (child_process).
extensions/jasper-recall/index.ts:58
Shell command execution detected (child_process).
extensions/openclaw-plugin/index.ts:58
Shell command execution detected (child_process).
src/index.js:28
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f7cksxwjqaq1r4anrxzfd3985mb5j
27downloads
0stars
1versions
Updated 1d ago
v1.0.0
MIT-0
@marjoriebroad
latest
Download

Jasper Recall v0.2.3

Local RAG (Retrieval-Augmented Generation) system for AI agent memory. Gives your agent the ability to remember and search past conversations.

New in v0.2.2: Shared ChromaDB Collections — separate collections for private, shared, and learnings content. Better isolation for multi-agent setups.

New in v0.2.1: Recall Server — HTTP API for Docker-isolated agents that can't run CLI directly.

New in v0.2.0: Shared Agent Memory — bidirectional learning between main and sandboxed agents with privacy controls.

When to Use

  • Memory recall: Search past sessions for context before answering
  • Continuous learning: Index daily notes and decisions for future reference
  • Session continuity: Remember what happened across restarts
  • Knowledge base: Build searchable documentation from your agent's experience

Quick Start

Setup

One command installs everything:

npx jasper-recall setup

This creates:

  • Python venv at ~/.openclaw/rag-env
  • ChromaDB database at ~/.openclaw/chroma-db
  • CLI scripts in ~/.local/bin/
  • OpenClaw plugin config in openclaw.json

Why Python?

The core search and embedding functionality uses Python libraries:

  • ChromaDB — Vector database for semantic search
  • sentence-transformers — Local embedding models (no API needed)

These are the gold standard for local RAG. There are no good Node.js equivalents that work fully offline.

Why a Separate Venv?

The venv at ~/.openclaw/rag-env provides:

BenefitWhy It Matters
IsolationWon't conflict with your other Python projects
No sudoInstalls to your home directory, no root needed
Clean uninstallDelete the folder and it's gone
ReproducibilitySame versions everywhere

The dependencies are heavy (~200MB total with the embedding model), but this is a one-time download that runs entirely locally.

Basic Usage

Search your memory:

recall "what did we decide about the API design"
recall "hopeIDS patterns" --limit 10
recall "meeting notes" --json

Index your files:

index-digests  # Index memory files into ChromaDB

Create session digests:

digest-sessions          # Process new sessions
digest-sessions --dry-run  # Preview what would be processed

How It Works

Three Components

  1. digest-sessions — Extracts key info from session logs (topics, tools used)
  2. index-digests — Chunks and embeds markdown files into ChromaDB
  3. recall — Semantic search across your indexed memory

What Gets Indexed

By default, indexes files from ~/.openclaw/workspace/memory/:

  • *.md — Daily notes, MEMORY.md
  • session-digests/*.md — Session summaries
  • repos/*.md — Project documentation
  • founder-logs/*.md — Development logs (if present)

Embedding Model

Uses SkillBoss API Hub (/v1/pilot embedding type) for vector embeddings:

  • Automatically routes to optimal embedding model via SkillBoss API Hub
  • No local model download required
  • Requires SKILLBOSS_API_KEY environment variable

Agent Integration

Memory-Augmented Responses

# Before answering questions about past work
results = exec("recall 'project setup decisions' --json")
# Include relevant context in your response

Automated Indexing (Heartbeat)

Add to HEARTBEAT.md:

## Memory Maintenance
- [ ] New session logs? → `digest-sessions`
- [ ] Memory files updated? → `index-digests`

Cron Job

Schedule regular indexing:

{
  "schedule": { "kind": "cron", "expr": "0 */6 * * *" },
  "payload": {
    "kind": "agentTurn",
    "message": "Run index-digests to update the memory index"
  },
  "sessionTarget": "isolated"
}

Shared Agent Memory (v0.2.0+)

For multi-agent setups where sandboxed agents need access to some memories:

Memory Tagging

Tag entries in daily notes:

## 2026-02-05 [public] - Feature shipped
This is visible to all agents.

## 2026-02-05 [private] - Personal note
This is main agent only (default if untagged).

## 2026-02-05 [learning] - Pattern discovered
Learnings shared bidirectionally between agents.

ChromaDB Collections (v0.2.2+)

Memory is stored in separate collections for isolation:

CollectionPurposeWho accesses
private_memoriesMain agent's private contentMain agent only
shared_memories[public] tagged contentSandboxed agents
agent_learningsLearnings from any agentAll agents
jasper_memoryLegacy unified (backward compat)Fallback

Collection selection:

# Main agent (default) - searches private_memories
recall "api design"

# Sandboxed agents - searches shared_memories only
recall "product info" --public-only

# Search learnings only
recall "patterns" --learnings

# Search all collections (merged results)
recall "everything" --all

# Specific collection
recall "something" --collection private_memories

# Legacy mode (single collection)
recall "old way" --legacy

Sandboxed Agent Access

# Sandboxed agents use --public-only
recall "product info" --public-only

# Main agent can see everything
recall "product info"

Moltbook Agent Setup (v0.4.0+)

For the moltbook-scanner (or any sandboxed agent), use the built-in setup:

# Configure sandboxed agent with --public-only restriction
npx jasper-recall moltbook-setup

# Verify the setup is correct
npx jasper-recall moltbook-verify

This creates:

  • ~/bin/recall — Wrapper that forces --public-only flag
  • shared/ — Symlink to main workspace's shared memory

The sandboxed agent can then use:

~/bin/recall "query"  # Automatically restricted to public memories

Privacy model:

  1. Main agent tags memories as [public] or [private] in daily notes
  2. sync-shared extracts [public] content to memory/shared/
  3. Sandboxed agents can ONLY search the shared collection

Privacy Workflow

# Check for sensitive data before sharing
privacy-check "text to scan"
privacy-check --file notes.md

# Extract [public] entries to shared directory
sync-shared
sync-shared --dry-run  # Preview first

CLI Reference

recall

recall "query" [OPTIONS]

Options:
  -n, --limit N     Number of results (default: 5)
  --json            Output as JSON
  -v, --verbose     Show similarity scores and collection source
  --public-only     Search shared_memories only (sandboxed agents)
  --learnings       Search agent_learnings only
  --all             Search all collections (merged results)
  --collection X    Search specific collection by name
  --legacy          Use legacy jasper_memory collection

serve (v0.2.1+)

npx jasper-recall serve [OPTIONS]

Options:
  --port, -p N    Port to listen on (default: 3458)
  --host, -h H    Host to bind (default: 127.0.0.1)

Starts HTTP API server for Docker-isolated agents.

Endpoints:
  GET /recall?q=query&limit=5    Search memories
  GET /health                    Health check

Security: public_only=true enforced by default.
Set RECALL_ALLOW_PRIVATE=true to allow private queries.

Example (from Docker container):

curl "http://host.docker.internal:3458/recall?q=product+info"

privacy-check (v0.2.0+)

privacy-check "text"     # Scan inline text
privacy-check --file X   # Scan a file

Detects: emails, API keys, internal IPs, home paths, credentials.
Returns: CLEAN or list of violations.

sync-shared (v0.2.0+)

sync-shared [OPTIONS]

Options:
  --dry-run    Preview without writing
  --all        Process all daily notes

Extracts [public] tagged entries to memory/shared/.

index-digests

index-digests

Indexes markdown files from:
  ~/.openclaw/workspace/memory/*.md
  ~/.openclaw/workspace/memory/session-digests/*.md
  ~/.openclaw/workspace/memory/repos/*.md
  ~/.openclaw/workspace/memory/founder-logs/*.md

Skips files that haven't changed (content hash check).

digest-sessions

digest-sessions [OPTIONS]

Options:
  --dry-run    Preview without writing
  --all        Process all sessions (not just new)
  --recent N   Process only N most recent sessions

Configuration

Custom Paths

Set environment variables:

export RECALL_WORKSPACE=~/.openclaw/workspace
export RECALL_CHROMA_DB=~/.openclaw/chroma-db
export RECALL_SESSIONS_DIR=~/.openclaw/agents/main/sessions

Chunking

Default settings in index-digests:

  • Chunk size: 500 characters
  • Overlap: 100 characters

Security Considerations

⚠️ Review these settings before enabling in production:

Server Binding

The serve command defaults to 127.0.0.1 (localhost only). Do not use --host 0.0.0.0 unless you explicitly intend to expose the API externally and have secured it appropriately.

Private Memory Access

The server enforces public_only=true by default. The env var RECALL_ALLOW_PRIVATE=true bypasses this restriction. Never set this on public/shared hosts — it exposes your private memories to any client.

autoRecall Plugin

When autoRecall: true in the OpenClaw plugin config, memories are automatically injected before every agent message. Consider:

  • Set publicOnly: true in plugin config for sandboxed agents
  • Review which collections will be searched
  • Use minScore to filter low-relevance injections

What's automatically skipped (no recall triggered):

  • Heartbeat polls (HEARTBEAT, Read HEARTBEAT.md, HEARTBEAT_OK)
  • Messages containing NO_REPLY
  • Messages < 10 characters
  • Agent-to-agent messages (cron jobs, workers, spawned agents)
  • Automated reports (📋 PR Review, 🤖 Codex Watch, ANNOUNCE_*)
  • Messages from senders starting with agent: or worker-

Safer config for untrusted contexts:

"jasper-recall": {
  "enabled": true,
  "config": {
    "autoRecall": true,
    "publicOnly": true,
    "minScore": 0.5
  }
}

Environment Variables

The following env vars affect behavior — set them explicitly rather than relying on defaults:

VariableDefaultPurpose
RECALL_WORKSPACE~/.openclaw/workspaceMemory files location
RECALL_CHROMA_DB~/.openclaw/chroma-dbVector database path
RECALL_SESSIONS_DIR~/.openclaw/agents/main/sessionsSession logs
RECALL_ALLOW_PRIVATEfalseServer private access
RECALL_PORT3458Server port
RECALL_HOST127.0.0.1Server bind address

Dry-Run First

Before sharing or syncing, use dry-run options to preview what will be exposed:

privacy-check --file notes.md     # Scan for sensitive data
sync-shared --dry-run             # Preview public extraction
digest-sessions --dry-run         # Preview session processing

Sandboxed Environments

For maximum isolation, run jasper-recall in a container or dedicated account:

  • Limits risk of accidental data exposure
  • Separates private memory from shared contexts
  • Recommended for multi-agent setups with untrusted agents

Troubleshooting

"No index found"

index-digests  # Create the index first

"Collection not found"

rm -rf ~/.openclaw/chroma-db  # Clear and rebuild
index-digests

Model download slow First run downloads ~80MB model. Subsequent runs are instant.

Links

Comments

Loading comments...