Delta-Mem MLX

Review

Audited by ClawScan on May 17, 2026.

Overview

This is a coherent local MLX sidecar helper, but using its managed setup runs local helper processes, downloads external model/sidecar artifacts, and can pass retrieved memory snippets into the sidecar.

Install this if you want a local Apple Silicon delta-mem sidecar and are comfortable running its helper scripts. Before using managed install, review or trust the external sidecar repository and Hugging Face artifacts. Keep the sidecar URL local or trusted, and remember that attention-state memory lookup is enabled by default in the generated provider config.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the managed installer may download and later run code/model artifacts that are not fully contained in this plugin package.

Why it was flagged

The managed installer can fetch a sidecar repository and Hugging Face model artifacts outside the plugin package.

Skill content

const REPO_URL = "https://github.com/elimaine/delta-mem-mlx-sidecar-w-openclaw.git"; ... run("hf", ["download", modelConfig.modelPath]);

Recommendation

Use the managed installer only if you trust the sidecar repository and model sources; consider reviewing or pinning the sidecar checkout before starting it.

What this means

Starting the sidecar runs local Python code and opens the configured local service port.

Why it was flagged

The start helper launches a Python uvicorn process from the sidecar checkout.

Skill content

const child = spawn(python, ["-m", "uvicorn", "delta_mem_sidecar.app:create_app", "--factory", "--host", host, "--port", port], { cwd: sidecarDir, env, stdio: "inherit" });

Recommendation

Run the start script only from a trusted sidecar directory and keep the host binding at 127.0.0.1 unless you intentionally need network exposure.

What this means

The sidecar may continue running after the setup command exits.

Why it was flagged

The managed installer can start the sidecar as a detached background process after setup.

Skill content

const child = spawn(process.execPath, args, { detached: true, stdio: ["ignore", logFd, logFd] }); child.unref();

Recommendation

Check the printed PID/log file after installation and stop the sidecar when you no longer want the local provider running.

What this means

Private or stale retrieved memory may influence answers without appearing in the visible chat transcript.

Why it was flagged

The skill intentionally routes retrieved memory snippets into a hidden attention-state path that can influence model responses.

Skill content

Retrieved memory should not be appended to the visible chat... The sidecar accepts hidden memory-shaping input as... attention_state... The sidecar then preloads those snippets into the per-session δ-state

Recommendation

Use this only with trusted QMD indexes and sidecars, and disable attentionStateEnabled or reduce the limit if you do not want memory snippets used automatically.

What this means

If the sidecar URL is changed to an untrusted or exposed endpoint, chat content and retrieved memory context could be sent there.

Why it was flagged

The generated provider config sends OpenClaw chat-completion traffic and session headers to the configured sidecar URL, defaulting to localhost.

Skill content

baseUrl: `${cleanBaseUrl}/v1`, apiKey: "local", request: { allowPrivateNetwork: true }, headers: { "X-OpenClaw-Session-Key": sessionKey }

Recommendation

Keep sidecarBaseUrl on localhost or another trusted endpoint, and avoid sharing the sidecar on a network without appropriate controls.