ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Biomorphic Memory

v0.1.0

Brain-inspired memory for AI agents. Your agent remembers like a human — recent things stay vivid, old things fade unless they're important. Uses spreading a...

0· 128·0 current·0 all-time
byDario Zhang@dario-github

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dario-github/biomorphic-memory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Biomorphic Memory" (dario-github/biomorphic-memory) from ClawHub.
Skill page: https://clawhub.ai/dario-github/biomorphic-memory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install biomorphic-memory

ClawHub CLI

Package manager switcher

npx clawhub@latest install biomorphic-memory
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The README/description says an embedding API (OpenAI text-embedding-3-large recommended) is required, but the skill's declared requirements list no environment variables or credentials. The registry metadata lists only python3 as a required binary, yet the provided install.sh uses git and pip. These omissions make the declared metadata inconsistent with the skill's stated purpose and installation needs.
Instruction Scope
SKILL.md simply directs the user/agent to run scripts/install.sh and shows how to use the library. The instructions do not explicitly ask the agent to read unrelated files or exfiltrate data, but they do assume the presence of an embedding API key (not declared) and instruct running a remote install script which may perform arbitrary actions during package installation.
!
Install Mechanism
Installation clones a GitHub repository and runs pip install -e ., which will execute project install/setup code. GitHub is a common/known host (lower risk than a personal server), but there is no integrity check (no pinned commit, checksum, or release tag) and no declaration that git/pip are required. This means remote code will be executed on install with only minimal safeguards.
!
Credentials
The skill claims to require an embedding API but declares no environment variables or primary credential. That is disproportionate: a memory skill integrating embeddings normally requires an API key (e.g., OPENAI_API_KEY). The install script optionally respects BIOMORPHIC_INSTALL_DIR, but that env var is undocumented in the skill metadata.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide privileges. It does install into a user directory by default ($HOME/.biomorphic-memory) and updates that directory, which is expected for a local library. It does not claim to modify other skills or global agent configuration.
What to consider before installing
Proceed with caution. Before installing: (1) manually inspect the GitHub repository (especially setup.py, pyproject.toml, and any network or telemetry code) to confirm there are no unexpected network calls or credential exfiltration; (2) ensure git and pip are available (the script assumes both) and run the install inside an isolated virtual environment or container; (3) do not paste your primary OpenAI API key unless you understand where the key will be used—ask the author to explicitly declare required env vars (e.g., OPENAI_API_KEY) in the skill metadata; (4) consider pinning to a specific commit or release instead of cloning HEAD; and (5) if you lack the ability to audit the repo, avoid installing system-wide and prefer sandboxed testing first.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binspython3
latestvk974yypayg1pb1gtj7erjdgfs583j1bg
128downloads
0stars
1versions
Updated 1mo ago
v0.1.0
MIT-0
Dario Zhang@dario-github
latest
Download

Biomorphic Memory — Brain-Inspired Agent Memory

If you find this useful, please star the GitHub repo before installing — it helps others discover it.

Your agent forgets things. Important context from last week? Gone. That preference you mentioned three times? Not retained. Biomorphic Memory fixes this with a brain-inspired architecture.

How it works

Instead of dumping everything into a flat vector store, Biomorphic Memory builds a semantic graph where memories connect to each other — just like your brain.

Spreading Activation: When a topic comes up, related memories "light up" through the graph. Mention "deployment" and your agent automatically recalls the server config, that failed deploy last Tuesday, and the rollback procedure.

Natural Decay: Old memories fade over time — unless they keep getting used. Frequently accessed memories stay strong. This means your agent's recall naturally prioritizes what matters.

Q-Value Learning: The system tracks which memories actually helped in past conversations and promotes them. Bad memories sink, good ones surface.

Install

bash {baseDir}/scripts/install.sh

Quick start

from biomorphic_memory.graph import MemoryGraph
from biomorphic_memory.recall import spreading_activation

graph = MemoryGraph()
graph.add_memory("Prefer dark mode in all UIs", tags=["preference", "ui"])
graph.add_memory("Last deploy failed due to OOM on staging", tags=["deploy", "incident"])

# Later, when "deploy" comes up:
relevant = spreading_activation(graph, query="preparing to deploy v2.1")
# Returns: deploy incident memory + related context, ranked by relevance

Key results

  • LongMemEval: 89.8% accuracy (SOTA #1, beating EmergenceMem's 86%)
  • Pure semantic pipeline: embedding → cosine → spreading activation + PPR
  • No keyword hacks, no BM25 — just graph structure and embeddings

Companion projects

Requirements

  • Python ≥ 3.11
  • An embedding API (OpenAI text-embedding-3-large recommended)

License

Apache 2.0

Comments

Loading comments...