Google Vertex AI Memory Bank
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent cloud memory plugin, but it automatically stores and reuses cross-agent memories and installs unpinned remote code, so it needs careful review before use.
Install this only if you are comfortable with OpenClaw storing long-term memories in your Google Cloud project. Before running the setup script, review and ideally pin the GitHub source, use a dedicated GCP project or least-privilege credentials, check billing implications, and consider disabling automatic capture/file sync or setting a retention TTL.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive facts from conversations may be stored in Vertex AI Memory Bank and later shown to other agents or injected into future prompts.
The skill explicitly enables persistent memory that is automatically written after turns and reused across agents, which can expose sensitive context and influence future tasks.
- **Auto-recall**: Before each turn, relevant memories are retrieved and injected into context - **Auto-capture**: After each turn, facts are extracted and stored automatically - **Cross-agent**: Tell one agent something, all agents remember it
Use only if you want cloud-backed long-term memory. Consider disabling autoCapture or autoSyncFiles, setting a TTL, reviewing stored memories, and using the forget command for sensitive entries.
Code from the remote repository or its dependencies can run locally during setup and may later operate inside OpenClaw with memory and GCP access.
The installer downloads the latest remote repository and runs npm commands, including build scripts, without pinning a version or providing the plugin source in the reviewed artifact set.
git clone https://github.com/Shubhamsaboo/openclaw-vertexai-memorybank.git "$PLUGIN_DIR" ... npm install npm run build
Review the GitHub repository and dependencies before running setup, pin to a trusted commit or release, and avoid installing directly from an unreviewed moving branch.
The script can change the selected GCP project and create resources that may have billing or access implications.
The setup flow uses the user's authenticated Google Cloud account to enable Vertex AI and create a reasoning engine, which is expected for this integration but uses real cloud privileges.
gcloud auth application-default login ... -H "Authorization: Bearer $(gcloud auth print-access-token)" ... gcloud services enable aiplatform.googleapis.com --project="$PROJECT_ID"
Use a dedicated GCP project or least-privilege account, confirm the selected project and region, and monitor Vertex AI resources and billing after setup.