Engram
v0.2.0
Persistent semantic memory for AI agents — local, fast, free. Use when agent needs to recall past decisions, store new facts/preferences, search conversation history, or maintain context across sessions.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (local persistent semantic memory) match the declared binary 'engram' and the npm package 'engram-memory' that provides that CLI. Required binaries and declared install step are coherent with the skill's stated purpose.
Instruction Scope
SKILL.md contains only CLI usage for search/add/ingest/relate/export/import and references local files (e.g., export/import) and stdin ingestion — all expected for a local memory CLI. It does not instruct reading unrelated system files or requiring unrelated env vars.
Install Mechanism
Install uses a public npm package (engram-memory) which is a typical distribution method for a CLI. This is proportionate, but npm packages can execute arbitrary install scripts and the installed binary can perform network I/O; the skill claims 'No cloud' but that cannot be verified without inspecting the package.
Credentials
No environment variables, credentials, or config paths are requested. That is consistent with the 'local, no API keys' claim. Because no secrets are requested, there is no immediate credential overreach.
Persistence & Privilege
always:false and normal autonomous invocation are used. The skill does not request system-wide config changes or other skills' credentials. It will read/write local files (backup.json etc.) as expected for a local memory tool.
Assessment
This skill appears internally consistent for a local CLI-based memory tool, but take these precautions before installing:
1) Inspect the npm package (engram-memory) on the npm registry or its repository — check package.json for postinstall scripts and examine the binary's source if available.
2) Prefer installing in a sandbox/container or with restricted permissions to confirm it behaves offline if you require 'no cloud' guarantees.
3) Be aware that export/import commands create/read local files (backup.json) — avoid exporting sensitive data to unsecured locations.
4) Run npm audit / malware scans and verify the package author and recent activity.
If you cannot review the package source, treat the install as higher risk.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🧠 Clawdis
Bins: engram
Install
Install Engram (npm)
Bins: engram
npm i -g engram-memory (version: latest)
Engram — Agent Memory
Local semantic memory with biological decay, typed memories, and relationship graphs. No API keys. No cloud.
Boot Sequence
engram search "<current task or context>" --limit 10
Always recall before working. Accessed memories get salience-boosted.
Storing
engram add "Client uses React with TypeScript" --type fact --tags react,client
engram add "We decided to pause ads" --type decision --tags ads
echo "Raw conversation text" | engram ingest
Types: fact, decision, preference, event, relationship
Searching
engram search "what tech stack"
engram search "pricing decisions" --type decision
engram search "client status" --agent client-agent
Relationships
engram relate <src> <tgt> --type supports
engram auto-relate <id>
engram relations <id>
Types: related_to, supports, contradicts, caused_by, supersedes, part_of, references
Key Concepts
- Decay: Unused memories lose salience daily. Recalled ones get boosted.
- Types: Filter by fact, decision, preference, event, relationship.
- Scoping: global, agent, private, shared.
- Dedup: >92% similarity auto-merges.
Quick Reference
engram stats
engram recall --limit 10
engram export > backup.json
engram import backup.json
