Alibabacloud Tablestore Openclaw Memory

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent Alibaba Cloud memory setup, but it asks for broad cloud credentials and can change or bill cloud resources, so it needs review before use.

Install only if you are comfortable granting Alibaba Cloud access for persistent memory. Use a least-privilege RAM role or scoped temporary credentials, review the npm plugin before use, explicitly confirm any paid resource creation or public network exposure, and establish a way to delete or disable stored memories.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If these credentials are exposed or misused, they could give broad ability to administer and read/write Tablestore resources and use the DashScope account.

Why it was flagged

The setup asks the agent/user to handle long-lived cloud secrets and requires full-access Tablestore authority for a memory plugin, rather than clearly limiting credentials to one instance/table or a least-privilege policy.

Skill content

Credentials — AccessKey ID + Secret (with `AliyunOTSFullAccess` permission) ... [AGENT] Ask the user ... AccessKey ID ... AccessKey Secret ... Alibaba Cloud Bailian API Key

Recommendation

Prefer an ECS RAM role or short-lived, least-privilege RAM user scoped to the intended instance/table; avoid pasting long-lived secrets into chat; use environment variables or a secret store and declare the required credentials in metadata.

What this means

A Tablestore instance could become reachable over the public internet, increasing exposure even if authentication is still required.

Why it was flagged

Changing a cloud database instance to allow public internet access is a high-impact configuration change. The visible onboarding confirms new instance creation, but the supplied artifacts do not show a separate explicit approval for this network exposure fallback.

Skill content

UpdateInstance ... usage: "Enable public internet access when VPC endpoint is unreachable"

Recommendation

Require explicit user approval before enabling public internet access, prefer private/VPC endpoints, and document how to reverse the change.

What this means

The installed plugin code will run inside the user's OpenClaw environment and may receive the configured cloud credentials.

Why it was flagged

The skill installs an external npm package into OpenClaw. It is version-pinned and asks for consent, but the package contents, source repository, lockfile, and integrity hash are not included in the provided artifacts.

Skill content

openclaw plugins install @tablestore/openclaw-mem0@0.8.2 ... NPM_CONFIG_REGISTRY=https://registry.npmmirror.com

Recommendation

Verify the npm package publisher/source, prefer an integrity-pinned install, and review the plugin code before granting broad cloud credentials.

What this means

Information remembered by the agent may persist in Alibaba Cloud and be retrieved in later sessions.

Why it was flagged

The skill intentionally stores agent memory in an external cloud vector store for reuse across tasks. This is core to the purpose, but it affects privacy, retention, and future agent context.

Skill content

Tablestore Mem0 uses Alibaba Cloud Tablestore as the vector store backend for mem0, providing persistent long-term memory for AI agents.

Recommendation

Only store data appropriate for long-term cloud memory, define retention/deletion procedures, and confirm what user data is sent to Tablestore and DashScope.