Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Andrew Memory Layer
v1.0.0
Product-grade semantic memory layer for AI agents using LanceDB. Provides long-term memory with semantic search, Core Identity management, and conversation d...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
Name, description, and code align: the plugin implements a LanceDB-backed memory layer (add/search/identity/distill/regenerate). Minor mismatch: SKILL.md and source reference an optional MINIMAX_API_KEY for cloud mode, but the registry metadata lists no required env vars — the key is optional in code (process.env.MINIMAX_API_KEY). The plugin also requires Node >=22 and @lancedb/lancedb (declared in package.json).
Instruction Scope
Runtime behavior stays within the described scope: memories are written to a dataDir (default ~/.andrew-memory/data), semantic search uses embeddings, and conversation distillation calls an LLM. Runtime actions that affect privacy and security: conversation text and distilled memory content may be sent to external endpoints (https://api.minimaxi.com and, optionally, a local Ollama instance at the configured localLlmUrl). SKILL.md warns about the MiniMax API key, but the plugin will still operate in local mode. There is no instruction to read unrelated system files or other skills' configs.
Install Mechanism
No explicit install spec is included in the registry entry (instruction-only install), but the package.json and package-lock.json are present and list @lancedb/lancedb and its transitive deps. There are no downloads from arbitrary URLs or URL shorteners. One oddity: index.js uses an absolute require path ('/usr/lib/node_modules/openclaw/dist/plugin-sdk/plugin-entry.js') to load the OpenClaw SDK — this is fragile and assumes a specific global install location, but not obviously malicious.
Credentials
The plugin accesses only a small set of environment or system items: process.env.MINIMAX_API_KEY (optional), os.homedir() for default dataDir, and network access for LLM/embedding endpoints. The registry metadata lists no required env vars even though SKILL.md documents MINIMAX_API_KEY for cloud mode — this is an omission but not a functional mismatch. No other unrelated secrets or credentials are requested.
Persistence & Privilege
The plugin writes persistent data to its own directory (default ~/.andrew-memory/data) and creates LanceDB tables. The skill is declared always:false and does not modify other skills or system-wide settings. Persistent storage of user conversations is expected behavior for a memory layer; users should be aware that stored memories are retained on disk.
Assessment
This plugin appears to do what it says: local LanceDB storage and optional cloud embeddings/distillation via MiniMax. Before installing, consider: (1) Privacy: stored memories are persisted under ~/.andrew-memory/data — review or change dataDir if you don't want data in your home directory. (2) Network: in 'api' mode conversation text and queries are sent to https://api.minimaxi.com (requires MINIMAX_API_KEY); use 'local' mode and run a local Ollama if you want to avoid sending data to the cloud. (3) Dependencies: the plugin relies on @lancedb/lancedb and Node >=22 — ensure those meet your environment/policy. (4) Robustness: index.js uses an absolute path to the OpenClaw SDK which may fail on some systems — inspect/adjust that path before enabling. If you have sensitive data, run the plugin in a sandboxed agent or review the source in full (already present) and prefer local LLM mode.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
src/MemoryClient.js:33: Environment variable access combined with network send.
