🧠 Supermemory

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The plugin's code, instructions, and configuration are consistent with a local graph-based memory plugin. There is no evidence that it tries to do anything unrelated to its stated purpose, but there are a few privacy and attention items you should review before enabling cloud embeddings or auto-capture.

What to consider before installing:

- This plugin appears to be what it claims: a local SQLite-based memory system for OpenClaw. The main risks are privacy and data leakage, not hidden malicious behavior.
- If you enable embeddings with a cloud provider (OpenAI, Gemini, etc.), your conversation text and/or the embeddings derived from it will be sent to that provider. If you need stronger privacy, either disable embeddings (embedding.enabled: false) or use a local embedding provider (e.g., Ollama or another local endpoint) and avoid entering cloud API keys.
- Auto-capture and auto-recall are convenient, but they cause the plugin to process and store conversation turns automatically. If you have sensitive conversations, disable auto-capture or auto-recall and use the manual /remember and /recall commands instead.
- The configure flow reads and writes your OpenClaw config (~/.openclaw/openclaw.json), and the plugin creates a database under ~/.openclaw by default. Back up your existing config before making changes if you are cautious.
- When embeddings are enabled, the code attempts to load a SQLite vector extension (sqlite-vec). Loading external SQLite extensions executes native code if the extension is present on the host. This is expected for vector search, but be mindful of the host environment and only enable embeddings if you trust the installed extensions or run a local provider.
- Because a prompt-injection pattern was flagged in the SKILL.md, scan the full (non-truncated) SKILL.md and the code for any instructions that attempt to modify model or system prompts, or otherwise manipulate agent or system behavior beyond memory retrieval. If you are not comfortable auditing it yourself, consider disabling auto-capture and embeddings, then test the plugin in a controlled environment.
- Overall: reasonable and coherent for its purpose. Use a local embedding provider or disable embeddings to minimize external data exposure, and be mindful of the auto-capture settings.

SkillSpector

By NVIDIA

SkillSpector findings are pending for this release.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings
