OpenClaw MongoDB Semantic Memory
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s memory purpose is coherent, but it automatically records and reinjects long-term session context while relying on an unreviewed daemon/provider setup.
Review this carefully before installing. It is not clearly malicious, but it is a powerful memory skill: it can automatically save information from conversations, summarize sessions, and inject remembered context later. Use it only with trusted storage/provider configuration, avoid saving secrets, and disable automatic hooks if you want memory to happen only when you explicitly ask.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may remember information you did not explicitly ask it to save, reuse it in later sessions, and mix remembered context into tool outputs.
The skill explicitly stores and reinjects persistent memories automatically, including into future context and tool-result annotations. That is central to the skill, but it creates broad cross-session state that can capture sensitive information or poison later agent behavior if incorrect or malicious memories are stored.
`auto-remember` Hook Fires after every agent response... `session-to-memory`... stores it as a searchable memory... `memory-bootstrap`... injects them into context... `memory-enriched-tools`... Appends related memories as context annotations to Read/Grep/Glob/Bash outputs.
Install only if you want automatic long-term memory. Review stored memories regularly, avoid storing secrets, use `memory_forget` for cleanup, and consider disabling hooks with `hooksEnabled: false` unless you want automatic capture.
You would be trusting external or preexisting components that were not included in this review to store, search, delete, and inject long-term memories.
The reviewed package contains no implementation, while SKILL.md describes a localhost daemon, available tools, and lifecycle hooks. For a high-impact memory system, this leaves the actual daemon/plugin code, dependency provenance, and data-handling behavior outside the reviewed artifact.
No install spec — this is an instruction-only skill. No code files present — this is an instruction-only skill.
Before installing, verify the actual daemon/plugin source, version, configuration, and dependencies. Prefer a package that declares its runtime components, capabilities, and credentials clearly.
Memories may be stored or processed outside the immediate chat environment, depending on how MongoDB and Voyage AI are configured.
The skill discloses that remembered content is tied to MongoDB storage and Voyage AI semantic search. This is expected for the stated purpose, but it means remembered facts, preferences, and decisions may cross service or account boundaries depending on the daemon configuration.
**MongoDB-backed long-term memory with Voyage AI semantic search**
Confirm whether MongoDB is local or hosted, which Voyage AI account is used, and what retention, encryption, and access controls apply.