Chromadb Memory Pub

Review

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent local memory plugin, but users should understand that it automatically injects retrieved long-term memories into the agent context.

Install only if you are comfortable with a persistent memory plugin automatically retrieving from your ChromaDB collection. Keep ChromaDB and Ollama local or trusted, avoid indexing secrets, pin the Docker image version, and disable auto-recall if you prefer explicit searches only.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Information from prior indexed documents or transcripts may automatically affect the agent's answers and may be repeated back if relevant.

Why it was flagged

The skill intentionally retrieves persistent memory and places it into the agent context each turn, which can expose stored private context or let poisoned indexed content influence future responses.

Skill content

Before every agent turn, queries ChromaDB with the user's message and injects relevant context automatically

Recommendation

Use a trusted, scoped ChromaDB collection; avoid indexing secrets; consider setting autoRecall to false for manual-only searches; and periodically review stored memories.

What this means

If Ollama or ChromaDB URLs are set to remote or shared services, those services may receive user queries or memory search data.

Why it was flagged

User/search text is sent to the configured Ollama endpoint for embedding, and ChromaDB is queried over the configured URL. This is expected for the skill, but endpoint trust matters.

Skill content

fetch(`${ollamaUrl}/api/embeddings`, { ... body: JSON.stringify({ model, prompt: text }) })

Recommendation

Keep the configured Ollama and ChromaDB endpoints local or otherwise trusted; use protected network access if exposing them remotely.

What this means

A future image tagged 'latest' may differ from the version the skill author tested.

Why it was flagged

The setup example pulls a mutable Docker image tag, so the actual ChromaDB image can change over time.

Skill content

docker run -d --name chromadb -p 8100:8000 chromadb/chroma:latest

Recommendation

Pin the ChromaDB Docker image to a specific trusted version and review plugin files before copying them into the OpenClaw extensions directory.