ClawHub

Novyx Memory

v3.0.0

Enterprise-grade persistent memory for AI agents — rollback, audit trails, knowledge graph, governed actions, time-travel debugging, and 60+ commands coverin...

0· 100·0 current·0 all-time
by@novyxlabs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (persistent memory, rollback, audit, knowledge graph) match the implemented commands and API calls. The single declared credential (NOVYX_API_KEY) is appropriate for a hosted memory service.
Instruction Scope
SKILL.md and index.js instruct the agent to auto-recall relevant memories before responses and auto-save user messages and agent responses (with some length filters). That behavior is within the memory-skill purpose, but it means chat content (including any secrets or PII users type) will be sent to the Novyx API.
Install Mechanism
No external download/install URL is used; package is a normal Node package (axios, dotenv). README suggests cloning and npm install or using ClawHub. No archive downloads or obscure hosts are used by the installer.
Credentials
Only NOVYX_API_KEY is required (declared as primary). The code also optionally reads NOVYX_API_URL (not declared in SKILL.md metadata) — minor documentation mismatch. Requiring a single API key is proportional, but the key grants the service the ability to store and read all auto-saved conversation content.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges or modify other skills. Autonomous invocation is allowed (default) which is expected for a memory skill — combined with auto-save/auto-recall this increases the need to trust the external service but is not itself incoherent.
Assessment
This skill will automatically send user messages and agent responses to an external Novyx API and persist them (auto-save/auto-recall). That is expected for a memory skill but can leak secrets or PII. Before installing: 1) Confirm you trust https://novyxlabs.com and the default API host (index.js defaults to https://novyx-ram-api.fly.dev); 2) Use a dedicated/test API key (not a high-privilege account) if you want to try it; 3) Consider disabling autoSave/autoRecall in configuration if you need manual control; 4) Note a minor doc mismatch: NOVYX_API_URL is supported by the code but not listed in SKILL.md metadata — if you prefer self-hosting, set NOVYX_API_URL to your endpoint; 5) Running the provided test (npm test) will create/delete memories on the configured account, so run tests with a disposable key. If you need a deeper assessment, provide network logs or confirm the official API host and privacy/security docs for Novyx.
index.js:17
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

auditvk9751wpz0cvvdcbxdh6et6bba58328hdgoverned-actionsvk9751wpz0cvvdcbxdh6et6bba58328hdknowledge-graphvk9751wpz0cvvdcbxdh6et6bba58328hdlatestvk9751wpz0cvvdcbxdh6et6bba58328hdmemoryvk9751wpz0cvvdcbxdh6et6bba58328hdmulti-agentvk9751wpz0cvvdcbxdh6et6bba58328hdpersistencevk9751wpz0cvvdcbxdh6et6bba58328hdrollbackvk9751wpz0cvvdcbxdh6et6bba58328hdsemantic-searchvk9751wpz0cvvdcbxdh6et6bba58328hdtime-travelvk9751wpz0cvvdcbxdh6et6bba58328hdtracingvk9751wpz0cvvdcbxdh6et6bba58328hd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvNOVYX_API_KEY
Primary envNOVYX_API_KEY

Comments