ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Neural Memory

Associative memory with spreading activation for persistent, intelligent recall. Use PROACTIVELY when: (1) You need to remember facts, decisions, errors, or...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
6 · 5.6k · 55 current installs · 57 all-time installs
byNGUYEN VIET NAM@nhadaututtheky
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and the SKILL.md content are coherent: the skill instructs an agent to use nmem_* tools for recall, remember, audit, intake, and evolution. However the manifest and docs reference additional runtime pieces (pip package 'neural-memory', MCP server entry using command 'uvx', React dashboard, VS Code extension, Telegram backup, multiple embedding providers) while the registry metadata declares no required env vars or config paths. Expectation mismatch: features clearly need extra software and API keys (embedding providers, Telegram) but these are not declared in the skill requirements.
Instruction Scope
SKILL.md and sub-skills are detailed and generally scoped to memory duties (recall, save, audit, intake, evolution). They require access to agent-local memory tools (nmem_recall, nmem_remember, etc.) and reference a config path (~/.neuralmemory/config.toml). The instructions explicitly discourage saving ephemeral or sensitive derivable content and require user confirmation for stores. Still, the docs mention sending brain .db to Telegram (external data transfer) and training from local files (PDF/DOCX/CSV), so deployment will need careful control of what gets transmitted and where.
!
Install Mechanism
The registry has no install spec (instruction-only), yet README/SKILL.md instructs users to 'pip install neural-memory' and plugin.json contains an MCP server config referencing a non-standard command 'uvx'. That means installing the package (outside the marketplace) would pull arbitrary code from PyPI/GitHub. The absence of an install spec in the registry and the presence of external install instructions is an inconsistency and increases risk because code execution would occur via the external pip install step which is not governed by the marketplace manifest.
!
Credentials
The skill declares no required environment variables or credentials, but features and docs mention multiple embedding providers (OpenAI, Gemini, Ollama, Sentence Transformers) and Telegram backups — all of which typically require API keys/tokens. The skill also references a config file path (~/.neuralmemory/config.toml) in several SKILL.md files but the top-level requirements claim no config paths. This mismatch (capabilities that need secrets/config not being declared) is a notable transparency gap.
Persistence & Privilege
always is false and disable-model-invocation is not set, which is normal. The skill includes lifecycle hooks (hooks.json) that invoke external commands (nmem-hook-pre-compact, nmem-hook-stop, etc.) — if the plugin is fully installed and those commands exist, they will run on events. Because the registry entry doesn't install those binaries itself, the hooks do not automatically create privileges, but if you later install the package or create those commands they could be triggered by the host. No evidence here that the skill modifies other skills or requests permanent marketplace-level presence.
What to consider before installing
This skill appears to implement a coherent 'neural' memory workflow, but there are transparency gaps you should resolve before installing or enabling it: 1) The registry lists no install script but the docs tell you to pip install 'neural-memory' — review that PyPI/GitHub package (source, version, recent commits, release artifacts) before running pip. 2) The skill references embedding providers (OpenAI, Gemini, Ollama) and Telegram backups but does not declare required API keys or tokens — assume you will need to supply credentials; verify how and where those are stored (never put secrets into a public or unencrypted brain database). 3) The manifest references an MCP server command 'uvx' and hooks that run local commands; check what those binaries do and only install them from trusted sources. 4) The SKILL.md references ~/.neuralmemory/config.toml but the registry did not declare that path — inspect that config file before use to ensure it doesn't contain unexpected credentials or endpoints. 5) If you want to try it, run it in a sandboxed environment or on a throwaway brain first, and confirm the behavior of Telegram backup and any outbound network calls. If you can, check the upstream GitHub repository and package contents for auditability (who maintains it, issues, license, recent commits).

Like a lobster shell, security has layers — review code before you run it.

Current versionv4.13.0
Download zip
latestvk97fnzjmxgh1tb0z9v1ccqa885839tn8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Neural Memory

Reflex-based memory system for AI agents — stores experiences as interconnected neurons and recalls them through spreading activation, mimicking how the human brain works.

What It Does

Neural Memory gives AI agents persistent, associative memory across sessions. Instead of keyword search, it uses spreading activation through a neural graph — memories that fire together, wire together.

Key Features

  • 45 MCP tools for persistent memory + cognitive reasoning
  • Spreading activation recall — not keyword search, memories activate related memories
  • Cognitive reasoning — hypotheses, evidence, predictions, schema evolution
  • Knowledge base training from PDF, DOCX, PPTX, HTML, JSON, XLSX, CSV
  • Multi-device sync with neural-aware conflict resolution
  • 4 embedding providers — Sentence Transformers, Gemini, Ollama, OpenAI
  • Retrieval pipeline — RRF score fusion, graph expansion, Personalized PageRank
  • Session intelligence — topic EMA tracking, LRU eviction, auto-expiry
  • React dashboard — 7 pages: health, evolution, graph, timeline, settings
  • VS Code extension — status bar, graph explorer, CodeLens, memory tree
  • Fernet encryption for sensitive content
  • Brain versioning — snapshots, rollback, export/import
  • Telegram backup — send brain .db to chat/group/channel

Installation

pip install neural-memory

Or with embeddings:

pip install neural-memory[embeddings]

MCP Configuration

{
  "mcpServers": {
    "neural-memory": {
      "command": "uvx",
      "args": ["--from", "neural-memory", "nmem-mcp"]
    }
  }
}

Usage

Neural Memory works automatically once configured.

RECALL — before responding to tasks that reference past work:

  • New session → nmem_recall("current project context")
  • Past decision/event → nmem_recall("<project> <topic>")
  • Skip for purely new, self-contained questions

SAVE — after completing each task, if you made a decision, fixed a bug, learned a preference, or discovered a pattern:

  • nmem_remember(content="Chose X over Y because Z", type="decision", priority=7, tags=["project", "topic"])
  • Use causal language (not flat facts). Max 1-3 sentences.
  • Do NOT save ephemeral file reads, things in git history, or duplicates.

FLUSH — at session end:

  • nmem_auto(action="process", text="brief summary")

Memory Types

TypeUse For
factStable knowledge
decision"Chose X over Y because Z"
insightPatterns discovered
errorBugs and root causes
workflowProcess steps
preferenceUser preferences
instructionRules to follow

Links

Files

8 total
Select a file
Select a file to preview.

Comments

Loading comments…