ClawHub

Chromadb Memory Pub

v1.2.1

Long-term memory via ChromaDB with local Ollama embeddings. Auto-recall injects relevant context every turn. No cloud APIs required — fully self-hosted.

15· 4.5k·24 current·28 all-time
by@msensintaffar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the code and SKILL.md: it embeds user messages with Ollama and queries a ChromaDB collection. Requested resources are minimal and in-line with a memory plugin. Minor mismatch: metadata lists 'curl' as a required binary even though the runtime code uses fetch (HTTP) and does not call curl; install instructions assume running OpenClaw gateway commands but do not declare an 'openclaw' binary requirement.
Instruction Scope
SKILL.md and scripts limit behavior to embedding user messages, querying ChromaDB, and injecting results as memories. There are no instructions to read unrelated system files or environment variables. Note: auto-recall will send user messages to the configured Ollama and Chroma endpoints — if those URLs point to remote services, sensitive data will be transmitted.
Install Mechanism
No external install/downloads are used; the skill is instruction-only with bundled plugin files to copy into the user's OpenClaw extensions directory. This is a low-risk install model. Minor practical issue: the bundled runtime is TypeScript (scripts/index.ts); the instructions simply copy the .ts file without explaining compilation/runtime expectations — ensure your OpenClaw runtime supports TS files.
Credentials
The skill declares no required environment variables or secrets, which fits its local-server design. The only sensitive surface is the configurable endpoints (chromaUrl, ollamaUrl): if set to remote hosts they will receive the agent's messages/embeddings, so credentials or remote endpoints would increase risk but are not required by default.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it registers as a plugin and injects memories before each turn if enabled. Autonomous invocation is default platform behavior — here it's expected for auto-recall. The plugin does not request system-wide privileges or modify other plugins.
Assessment
This plugin appears to do what it says: embed messages with Ollama and query a ChromaDB collection to provide long-term memory. Before installing: (1) Verify you trust the plugin source/contents (review scripts/index.ts and openclaw.plugin.json). (2) Ensure both chromaUrl and ollamaUrl point to services you control (prefer localhost) — otherwise user messages/embeddings would be sent off-host. (3) Note small inconsistencies: metadata lists 'curl' although the code uses fetch, and the plugin is shipped as a TypeScript (.ts) file — confirm your OpenClaw runtime handles .ts files or build a JS variant. (4) If you enable autoRecall, remember it will automatically inject historical data into every agent turn; disable autoRecall if you want manual control. If you want higher assurance, run the plugin in an isolated homelab instance and audit network requests while exercising the tool.

Like a lobster shell, security has layers — review code before you run it.

latestvk974vs7fta9nqhzffb9v96vjbh816jt7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binscurl

Comments