Gralkor Memory (OpenClaw)
Review
Audited by ClawScan on May 12, 2026.
Overview
The plugin mostly matches its stated memory purpose, but test mode can log the raw plugin configuration, which may include LLM provider API keys, and the plugin also persists and reuses conversation memory.
Review carefully before installing. The memory behavior is broadly expected for this kind of plugin, but keep sensitive data out of conversations and memory files, use a dedicated storage directory, and avoid enabling test mode with real API keys until the logging is redacted.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can read OpenClaw logs could potentially see and misuse your LLM provider API keys if test mode is enabled with real credentials.
The plugin schema/config includes googleApiKey, openaiApiKey, anthropicApiKey, and groqApiKey fields, so logging the entire raw pluginConfig can place real provider credentials in local logs when test mode is enabled.
```javascript
if (config.test) {
  console.log(`[gralkor] raw pluginConfig: ${JSON.stringify(api.pluginConfig)}`);
}
```

Do not enable test mode with real API keys unless you understand where logs go. If enabled already, review logs and rotate exposed keys. The publisher should redact secret fields before logging configuration.
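The redaction this finding asks for, written here as an added example rather than the plugin's or publisher's code: secret-bearing config fields are replaced before the config is serialized for a log line, and a second helper checks a would-be log line for leftover raw values. The field names googleApiKey, openaiApiKey, anthropicApiKey and groqApiKey come from the finding above; the rest of the config shape, the key-name pattern and the sample values are assumptions.

```javascript
// Key names that are treated as secret-bearing (assumed pattern, not the plugin's).
const SECRET_KEY_PATTERN = /(apikey|api_key|secret|token|password|credential)/i;

// Return a deep copy of `value` in which every non-empty string under a
// secret-named key (at any depth, including arrays) is replaced by a marker.
// The input object is never mutated.
function redactSecrets(value, forceRedact = false) {
  if (Array.isArray(value)) return value.map((v) => redactSecrets(v, forceRedact));
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = redactSecrets(v, forceRedact || SECRET_KEY_PATTERN.test(k));
    }
    return out;
  }
  if (forceRedact && typeof value === "string" && value.length > 0) return "[REDACTED]";
  return value;
}

// Build the debug line that should replace the raw pluginConfig dump.
// Returned as a string so callers can check what would reach the log.
function describeConfigForLog(pluginConfig) {
  return `[gralkor] pluginConfig (redacted): ${JSON.stringify(redactSecrets(pluginConfig))}`;
}

// Check a would-be log line against the config it was built from and return
// every raw secret value that still appears in it (empty array when clean).
function findLeakedSecrets(logLine, config) {
  const leaked = [];
  const walk = (v, underSecretKey) => {
    if (Array.isArray(v)) {
      v.forEach((x) => walk(x, underSecretKey));
    } else if (v !== null && typeof v === "object") {
      for (const [k, x] of Object.entries(v)) walk(x, underSecretKey || SECRET_KEY_PATTERN.test(k));
    } else if (underSecretKey && typeof v === "string" && v.length > 0 && logLine.includes(v)) {
      leaked.push(v);
    }
  };
  walk(config, false);
  return leaked;
}

// Constructed sample config with placeholder values (not real credentials).
const SAMPLE_CONFIG = {
  test: true,
  dataDir: "/tmp/gralkor-data",
  openaiApiKey: "sk-PLACEHOLDER-0000",
  anthropicApiKey: "ant-PLACEHOLDER-0000",
  googleApiKey: "",
  groqApiKey: null,
  providers: [{ name: "openai", apiKey: "sk-PLACEHOLDER-1111" }],
};
```

Running `findLeakedSecrets` over the original raw dump line returns all three placeholder keys, while the redacted line returns none.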
Private or stale information saved to memory may be reused in later conversations, and poisoned or inaccurate memory can steer future responses.
The plugin automatically stores conversation turns and selected workspace memory files, then injects recalled memory into future prompts. This is expected for a memory plugin, but the stored content can persist and influence later agent behavior.
`before_prompt_build` — registers the session's group, scans workspace memory files for new content (`MEMORY.md`, `memory/*.md`), and auto-recalls relevant facts which get injected into the prompt. ... `agent_end` — posts the just-finished turn to `/capture`
Use a dedicated dataDir, avoid storing secrets in conversations or MEMORY.md files, periodically review/prune the memory database, and only enable the plugin for agents/workspaces where persistent memory is desired.
Installing the plugin can execute bundled/runtime server code and dependency resolution outside the simple SKILL.md instructions.
The install path explicitly bypasses the unsafe-install scanner and the plugin runs a Python server/dependency setup at boot. This is disclosed and central to the memory backend, but it increases supply-chain trust requirements.
openclaw plugins install @susulabs/gralkor --dangerously-force-unsafe-install ... First boot takes 1–2 min while `uv sync` resolves Graphiti + falkordblite; subsequent starts reuse the venv.
Install only if you trust the publisher and dependency chain. Prefer reviewing the npm package, the @susulabs/gralkor-ts dependency, and the Gralkor Python server sources before using the unsafe-install override.
