OpenClaw Memory Core
Core utilities for OpenClaw memory plugins (redaction, local store, embeddings).
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 322 · 1 current installs · 2 all-time installs
byelvatis_com@homeofe
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (redaction, local JSONL store, hash-based embedder) match the source files (redaction.ts, store-jsonl.ts, embedding.ts). No required env vars or external APIs are declared or used by default. Packaging metadata (package.json) includes an OpenClaw extension entry pointing to ./src/index.ts which is consistent with being a dependency library.
Instruction Scope
SKILL.md describes local-only behavior and does not instruct the agent to read/send unrelated secrets or call external endpoints. However the pre-scan flagged prompt-injection patterns (e.g. 'ignore-previous-instructions', 'you-are-now') inside SKILL.md — that is unexpected for a library README and should be inspected. Also the repo includes tests named injection.test.ts (large file) — review its contents to ensure there are no embedded instructions or examples that attempt to manipulate an agent when loaded.
Install Mechanism
No install spec (instruction-only) which is lower-risk, but the skill bundle contains full source files. That means code will be available to the agent environment when the skill is loaded; there is no external download at install time. package.json includes build/test scripts and an 'openclaw.extensions' pointing at ./src/index.ts — verify how the platform loads that extension (runtime code execution).
Credentials
The skill declares no required environment variables or credentials and the code does not read environment secrets. The redactor scans for many secret patterns (expected for a redaction library) but does not log or transmit the matched secrets — matches are recorded only as rule id + count. No disproportionate credential requests observed.
Persistence & Privilege
always:false and normal model invocation are set. The JsonlMemoryStore writes to filesystem paths provided by callers; there is a safePath helper in utils.ts but the store constructor does not use it, so the library will create and write files at the filePath you pass (or relative to the process CWD). Confirm where files will be written and whether that aligns with your security requirements.
Scan Findings in Context
[prompt-injection-ignore-previous-instructions] unexpected: Pre-scan detected the token 'ignore-previous-instructions' in SKILL.md. The README/SKILL.md content shown does not visibly include that phrase, so this may be a false positive or present elsewhere in the full SKILL.md. Regardless, such phrases are unexpected for a library README and should be manually inspected.
[prompt-injection-you-are-now] unexpected: Pre-scan detected 'you-are-now' pattern in SKILL.md. This pattern is commonly flagged for prompt-injection attempts; review SKILL.md and any included example/test files to confirm no content attempts to reconfigure or coerce the agent.
What to consider before installing
This package largely matches its description (local redaction, file-backed memory, deterministic embedder) and does not request credentials — good. Before installing: 1) Manually inspect the full SKILL.md and tests (especially injection.test.ts) for any prompt-like instructions flagged by the scanner ('ignore-previous-instructions', 'you-are-now'); remove or sanitize if present. 2) Confirm how OpenClaw will load ./src/index.ts (the package.json 'openclaw.extensions' entry) and whether that gives the skill runtime filesystem access—decide whether you trust that. 3) Note that JsonlMemoryStore will create/write files at the provided filePath; ensure code that constructs the store uses an allowed path (the library has a safePath helper but does not enforce it). 4) Run the included scripts/scan-secrets.sh locally (it has a built-in fallback) to check for accidental secret leakage in the bundle. 5) Prefer installing from a verified registry or repository URL and review package authorship (the source/homepage are not provided). If you cannot inspect the SKILL.md/tests or verify the origin, treat installation as higher risk.Like a lobster shell, security has layers — review code before you run it.
Current versionv0.1.1
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
OpenClaw Memory Core
Shared library powering OpenClaw's memory plugins (openclaw-memory-brain and openclaw-memory-docs). Provides three core modules:
Redaction
Automatically detects and redacts secrets before they reach memory storage. Covers:
- API keys (OpenAI, Anthropic, Stripe, Google, GitHub PATs)
- AWS credentials (access keys, secret keys)
- Azure storage keys, HashiCorp Vault tokens
- JWTs, Bearer tokens, PEM private key blocks
Usage: pipe any text through the redactor before storing — secrets are replaced with safe [REDACTED:TYPE] placeholders.
JSONL Store
Local file-based memory store using append-only .jsonl files. Features:
- CRUD for memory items (kinds:
fact,decision,doc,note) - Expiration support (
expiresAtfield) - Semantic search via cosine similarity on embeddings
- No external database required — everything lives in flat files
Embeddings
Deterministic, offline, dependency-free text embedder (HashEmbedder):
- FNV-1a hash-based vector generation (default 256 dimensions)
- L2 normalization for cosine similarity search
- No API calls, no model downloads — works fully offline
- Not SOTA semantics, but stable and fast for local vector search
Integration
This is a dependency library, not a standalone plugin. Install it as a package dependency:
npm install @elvatis_com/openclaw-memory-core
Used internally by openclaw-memory-brain (auto-capture) and openclaw-memory-docs (explicit capture).
Files
18 totalSelect a file
Select a file to preview.
Comments
Loading comments…