Code Pluginsource linked
OpenClaw Memory Observability Pluginv1.0.3
OpenClaw memory observability plugin (safe mode, no shell execution)
openclaw-memory-observability-plugin·runtime openclaw-memory-observability-plugin·by @vassiliylakhonin
Community code plugin. Review compatibility and verification before install.openclaw plugins install clawhub:openclaw-memory-observability-pluginLatest release: v1.0.3Download zip
Capabilities
- Tags
- configSchema
- Yes
- Executes code
- Yes
- HTTP routes
- 0
- Runtime ID
- openclaw-memory-observability-plugin
Compatibility
- Built With Open Claw Version
- 2026.4.9
- Min Gateway Version
- >=2026.4.9
- Plugin Api Range
- >=2026.4.9
- Plugin Sdk Version
- 2026.4.9
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (memory observability, safe mode, no shell execution) match the implementation: the plugin inspects workspace files (DREAMS.md, MEMORY.md, memory/) and optionally reads a diagnostics JSON. Minor inconsistency: the SKILL.md content shown is package metadata rather than prose instructions, but the included index.js and openclaw.plugin.json implement the claimed functionality.
Instruction Scope
The runtime code stays within the stated purpose: it checks for specific files in a workspace path and parses an optional diagnostics JSON. It does read from the filesystem (process.cwd() by default or a configured workspacePath) and will parse the configured diagnosticsFile path if provided — there are no network calls, shell execs, or attempts to read unrelated system configuration. The SKILL.md does not contain human-readable runtime instructions (it contains package metadata), which is unusual but the plugin's behavior is explicit in index.js.
Install Mechanism
No install spec or external downloads are present. The plugin is packaged as local node code (index.js, plugin manifest). Nothing is fetched from remote URLs and no archives are extracted.
Credentials
The plugin requests no environment variables or credentials. It does read filesystem paths: workspacePath (defaults to process.cwd) and an explicit diagnosticsFile path from config. Reading those local files is proportional to its purpose, but a diagnosticsFile value could point to any file the runtime user can access, so avoid configuring it to point at sensitive system files.
Persistence & Privilege
always is false and the plugin does not attempt to modify other skills or system-wide settings. It only reads files and returns a diagnostics object; it does not persist credentials or alter agent configuration.
Assessment
This plugin appears to be what it says: a local observability helper that checks for MEMORY.md, memory/ and a DREAMS.md diary and optionally parses a diagnostics JSON. It does not use the network or run shell commands. Before enabling it, review the plugin config: (1) set workspacePath to a directory you trust instead of leaving process.cwd, and (2) do not point diagnosticsFile at sensitive files (system credentials, SSH keys, etc.), since the plugin will read and parse whatever file path you provide. Also note the SKILL.md content is package metadata rather than human instructions; if you want a readable runtime description, ask the publisher for explicit SKILL.md guidance.Verification
- Tier
- source linked
- Scope
- artifact only
- Summary
- Validated package structure and linked the release to source metadata.
- Commit
- c9bbd36a953a
- Tag
- c9bbd36a953ac0ea04125ebf5e256578cc480668
- Provenance
- No
- Scan status
- clean
Tags
- latest
- 1.0.3