ocmemog-installer

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to install the memory plugin it describes, but its fallback path clones and runs unpinned GitHub code, starts a background sidecar, and changes OpenClaw memory configuration.

Install only if you trust the ocmemog upstream repository and are comfortable running a local memory sidecar. Prefer the package install path, ask to see the exact config changes, and avoid the source-installer fallback unless you can review or pin the repository version.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A later change in the upstream repository or its dependencies could change what runs on the user's machine without being reflected in this skill's reviewed files.

Why it was flagged

The installer pulls the current repository state and installs dependencies from it without pinning a specific release, tag, commit, or checksum.

Skill content

REPO_URL="https://github.com/simbimbo/ocmemog.git" ... git -C "$REPO_DIR" pull --ff-only ... git clone "$REPO_URL" "$REPO_DIR" ... "$REPO_DIR/.venv/bin/pip" install -r "$REPO_DIR/requirements.txt"

Recommendation

Pin the fallback install to a reviewed tag or commit, verify checksums or signatures where possible, and prefer the public package path unless the user explicitly wants a source checkout.

What this means

The install can execute code that is not included in the supplied skill artifacts and can leave a background service running under the user's account.

Why it was flagged

After cloning the external repository, the script executes repository-provided scripts and starts the sidecar process.

Skill content

if [ "$(uname -s)" = "Darwin" ]; then
  "$REPO_DIR/scripts/ocmemog-install.sh"
else
  nohup "$REPO_DIR/scripts/ocmemog-sidecar.sh" >"$REPO_DIR/.ocmemog-sidecar.log" 2>&1 &

Recommendation

Ask for clear user confirmation before running the repo installer, show the exact source version being used, and provide a safe way to inspect, stop, and remove the sidecar.

What this means

The user's OpenClaw memory slot may be changed to use this plugin, affecting future agent memory behavior.

Why it was flagged

The skill directs the agent to modify OpenClaw configuration automatically.

Skill content

If config patch tooling is available, patch config automatically instead of asking the user to hand-edit files.

Recommendation

Show the configuration diff or final config values to the user, and preserve unrelated plugin settings as the skill already instructs.

What this means

Conversation-derived information may be stored and reused later, which can be useful but may also retain sensitive or incorrect context.

Why it was flagged

The plugin is intended to provide durable memory and retrieve stored memory across tasks.

Skill content

enable transcript-backed continuity ... Validate /healthz and a memory search/get smoke test.

Recommendation

Review the plugin's storage location, retention controls, and deletion process before storing sensitive conversations.

What this means

A local memory sidecar may keep running after installation and may start automatically on macOS.

Why it was flagged

The repo installer path is described as loading a persistent LaunchAgent-style sidecar.

Skill content

this path creates `.venv`, installs Python requirements, attempts plugin install/enable, loads LaunchAgents, and pulls local Ollama models when Ollama is available

Recommendation

Document how to stop, disable, and uninstall the sidecar, and keep it bound to 127.0.0.1 as the skill recommends.