Code Pluginsource linked
MemClaw Context Enginev0.9.53
MemClaw Context Engine - Native context management for OpenClaw with automatic recall and capture
Community code plugin. Review compatibility and verification before install.openclaw plugins install clawhub:@memclaw/memclaw-context-engineLatest release: v0.9.53Download zip
Capabilities
- configSchema
- Yes
- Executes code
- Yes
- HTTP routes
- 0
- Plugin kind
- context-engine
- Runtime ID
- memclaw-context-engine
Compatibility
- Built With Open Claw Version
- 2026.3.8
- Min Gateway Version
- 2026.3.8
- Plugin Api Range
- >=1.0.0
- Plugin Sdk Version
- 2026.3.8
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the code: this plugin implements a context/memory engine, client calls to a local cortex-mem service, tools for search/recall/ingest, and logic to start/manage local supporting services (qdrant, cortex-mem-service). Starting local binaries and managing tenant/session state is coherent with a native memory engine, but is more intrusive than a simple 'helper' skill — it intentionally manages services and writes config files.
Instruction Scope
Runtime behavior (index.js) will create/ensure a config file, prompt/open it for user editing, register tools and a context engine, and attempt to auto-start local services on registration. The published SKILL.md content appears to contain the package.json metadata rather than a typical human-facing runtime instruction doc; nonetheless the code's instructions are scoped to the plugin's purpose. The plugin writes a local config and uses PID/service management utilities; it does not attempt to read arbitrary unrelated system files or call external endpoints other than service endpoints (defaulting to http://localhost:8085).
Install Mechanism
No external download/install spec is present; the plugin ships prebuilt dist/ files. OptionalDependencies reference platform binary packages (@memclaw/bin-*) but those are standard npm optional deps (no opaque URLs). No extract-from-URL installs or URL-shortened downloads were observed.
Credentials
Registry metadata declares no required env vars or primary credential. The plugin creates a config file and instructs the user to populate llm.api_key and embedding.api_key there. Requiring LLM/embedding keys is proportionate to its function, but the plugin does not declare them as required environment variables — they are stored/read from its config file instead. It also requires filesystem access to write config/pid files and to start local services.
Persistence & Privilege
always:false and the plugin is user-invocable. It registers services/tools and will attempt to start/stop local processes (service lifecycle) and create a local config file — behavior expected for a local context engine. It does not modify other skills or request permanent platform-level override privileges.
Assessment
This plugin is consistent with a local memory/context engine but has behaviours you should accept consciously: it will create a local configuration file and ask you to add llm.api_key and embedding.api_key (so you should provide least-privileged keys and store them securely). It attempts to start/manage local services (qdrant, cortex-mem-service) and uses PID files; ensure you are comfortable with a plugin launching local binaries and writing files. Optional platform-specific binary packages (@memclaw/bin-*) are referenced — if you see additional native binaries installed, inspect them or run in an isolated environment. The SKILL.md shown is actually package metadata rather than user-facing prose, so review the plugin’s repository (git URL in metadata) if you want human-readable docs. If you prefer not to let the plugin auto-start services, disable autoStartServices in its config before allowing it to run.Verification
- Tier
- source linked
- Scope
- artifact only
- Summary
- Validated package structure and linked the release to source metadata.
- Commit
- c3035ff36cac
- Tag
- main
- Provenance
- No
- Scan status
- clean
Tags
- latest
- 0.9.53