Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Memory

Persistent, locally stored semantic memory for agents with automatic learning, searchable facts, and optional paid unlimited retention across all sessions.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.4k · 11 current installs · 11 all-time installs
Security Scan
VirusTotal: stale
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md align on the core purpose (local SQLite memory, embeddings, semantic search, hooks to inject/store memories, and an x402 payment flow). However, metadata/requirements claim 'no required env vars' while implementation and documentation reference environment variables (PAYMENT_WALLET, PAYMENT_CALLBACK_URL, OPENAI_API_KEY, EMBEDDING_PROVIDER, MEMORY_DEDUPLICATE). That mismatch between declared requirements and actual code is a sign of sloppy packaging and should be treated as a red flag.
Instruction Scope
The installed hooks automatically extract and persist data from every request/response when an agent wallet is present (request-before, request-after, session-end). The README even gives an example of storing secrets as 'facts' (e.g., "User's API key is abc123"), implying the analyzer may capture and persist sensitive tokens. The SKILL.md claims 'no external servers or telemetry' and 'embeddings can use local models', but implementation summary indicates OpenAI may be used by default — so the actual runtime behavior (what is captured, where embeddings go) depends on configuration and may contradict privacy claims.
Install Mechanism
There is no remote download/install URL in the skill metadata (no arbitrary URL/extract), and package.json lists normal Node dependencies (express, better-sqlite3). Risk from the install mechanism itself is low relative to download-from-untrusted-URL patterns. That said, this package includes server and database code that will run locally under Node, so installation gives code persistent disk presence and a local HTTP service (dashboard).
Credentials
The registry metadata lists no required environment variables, but the implementation references several environment variables (PAYMENT_WALLET, PAYMENT_CALLBACK_URL, OPENAI_API_KEY, EMBEDDING_PROVIDER, MEMORY_DEDUPLICATE). In particular, PAYMENT_WALLET and payment callback configuration are critical for the x402 flow; these were not declared up front. The skill allows autonomous agent-initiated payments (x402) and the MVP 'trusts reported tx_hash' (no on-chain verification), which is a high-risk capability if an agent is given a funded wallet or if untrusted agents can call the payment endpoints.
Persistence & Privilege
The skill registers OpenClaw hooks that run on every request/session where an agent wallet exists, giving it automatic, persistent access to conversation content and the ability to store/inject memories into future requests. While 'always: true' is not set, the hooks still grant broad automatic behavior. Combined with the ability for agents to autonomously subscribe to 'Pro' (and the dashboard running a local HTTP API by default), this increases blast radius for accidental secret capture, unauthorized payments, or local data exposure if the dashboard is not properly firewalled.
What to consider before installing
Key things to consider before installing:

  • Review and audit the code yourself (especially src/x402.js, src/index.js, src/analyzer.js, and the dashboard server). The package runs a local web server and a persistent SQLite DB under ~/.openclaw/openclaw-memory/.
  • Do not provide a funded agent wallet or give agents wallet access you don't fully control. The x402 flow allows agents to create payment requests and the MVP trusts reported tx_hash values (no on-chain verification), which could enable false/unauthorized 'payments'.
  • Check environment variables and configuration: the skill expects PAYMENT_WALLET, PAYMENT_CALLBACK_URL, and may use OPENAI_API_KEY or local embeddings depending on settings — these were not declared in the registry metadata. Decide which embedding provider you want and configure it explicitly.
  • Secrets may be captured: the analyzer is designed to extract facts and preferences automatically, and documentation examples explicitly mention storing things like API keys. If you have sensitive data that must not be persisted, either disable the hooks, configure the analyzer to filter secrets, or do not install.
  • Run the dashboard only on localhost and ensure it is not exposed to the network (bind to 127.0.0.1 and/or use firewall rules); review and secure PAYMENT_CALLBACK_URL if you enable payments.
  • If you plan to use the Pro/x402 features: require on-chain verification (do not rely on the MVP 'trust tx_hash' behavior) and set PAYMENT_WALLET to an address you control; consider manual approval of payment actions rather than autonomous agent-driven payments.

If you are not able to audit the code, or you cannot guarantee agents will not receive wallet credentials, treat this skill as higher risk and avoid installing it in production environments.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest: vk97bzbv4x7npvc70j8yp57darh8109sf

Runtime requirements

🧠 Clawdis
OS: macOS · Linux · Windows
Bins: node

SKILL.md

OpenClaw Memory System

Persistent memory across sessions with semantic search and x402 payments.

What is it?

The first OpenClaw skill that gives your agents persistent memory - they remember facts, preferences, patterns, and conversation history across all sessions. Never repeat context again.

Key Features

  • 🧠 Persistent Memory - Remembers everything across sessions
  • 🔍 Semantic Search - Find memories by meaning, not just keywords
  • 🤖 Automatic Learning - Extracts facts and preferences automatically
  • 💾 Local Storage - SQLite database with vector embeddings
  • 💰 x402 Payments - Agents can pay for unlimited storage (0.5 USDT/month)

Free vs Pro Tier

Free Tier:

  • 100 memories maximum
  • 7-day retention
  • Basic semantic search

Pro Tier (0.5 USDT/month):

  • Unlimited memories
  • Permanent retention
  • Advanced semantic search
  • Memory relationship mapping

Installation

claw skill install openclaw-memory

Commands

# Search memories
claw memory search "What does user prefer?"

# List recent memories
claw memory list --limit=10

# Show stats
claw memory stats

# Open dashboard
claw memory dashboard

# Subscribe to Pro
claw memory subscribe

How It Works

  1. Hooks into requests - Automatically extracts important information
  2. Generates embeddings - Creates semantic vectors for search
  3. Stores locally - SQLite database with full privacy
  4. Retrieves on demand - Injects relevant memories before requests
  5. Manages quota - Prunes old memories when limits reached (Free tier)

Use Cases

  • Remember user preferences and coding style
  • Store project context and requirements
  • Learn patterns from repeated interactions
  • Maintain conversation history across sessions
  • Build knowledge base over time

Agent Economy

Agents can autonomously evaluate if Pro tier is worth it:

  • Cost: 0.5 USDT/month
  • Value: Saves tokens by eliminating context repetition
  • ROI: If persistent memory saves >0.5 USDT/month in tokens, it pays for itself

See AGENT-PAYMENTS.md for x402 integration details.

Privacy

  • All data stored locally in ~/.openclaw/openclaw-memory/
  • No external servers or telemetry
  • Embeddings can use local models (no API calls)
  • Open source - audit the code yourself

Dashboard

Access web UI at http://localhost:9091:

  • Browse and search memories
  • View memory timeline
  • Check quota and stats
  • Manage Pro subscription

Foundation for Future Tools

Memory System is the foundation for:

  • Context Optimizer - Uses memories to compress context
  • Smart Router - Learns routing patterns
  • Rate Limit Manager - Tracks usage patterns

Requirements

  • Node.js 18+
  • OpenClaw v2026.1.30+
  • OS: Windows, macOS, Linux

Built by the OpenClaw community | First memory system with x402 payments
