Lily Memory Plugin

This plugin appears to implement what it claims, but review these points before installing: - Privacy: auto-capture defaults to capturing conversation text (capturePolicy: "all"). Sensitive information (passwords, API keys, PII) could be written to the plugin's SQLite DB. Consider switching capturePolicy to "assistant-only" or "tagged-only" or disabling autoCapture until you audit it. - Remote embeddings: the plugin will call the configured ollamaUrl for embeddings. Keep ollamaUrl set to a local trusted host (default is http://localhost:11434). Do NOT point it to an untrusted remote server if you care about memory confidentiality. - File writes & session modifications: the plugin writes to dbPath (default ~/.openclaw/memory/decisions.db) and the changelog notes a session-guard that may back up/reset session files. If you need to limit filesystem scope, set dbPath to a dedicated directory and review session-guard behavior. - Installation notes: better-sqlite3 is a native npm module and may require build tools; run installs and tests in an isolated environment first. - Audit recommendation: if you plan to use this in production, inspect lib/security.js and lib/session-guard.js (they control injection blocking and session file changes), and consider running the included test suite in a sandbox to confirm behaviour. Overall: coherent for its stated purpose, but treat it as privacy-sensitive and configure/inspect accordingly.