ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memex Publish

Unified memory plugin for OpenClaw — conversation memory + document search in a single SQLite database. 90% E2E accuracy on LongMemEval (ICLR 2025) with GPT-...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 184 · 0 current installs · 0 all-time installs
by@ofan
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The package code (memory store, embedder, retriever, document indexer, auto-recall/auto-capture, CLI) matches the advertised purpose of a unified memory + document search plugin. Declared config (embedding API key, DB path, document indexing, reranker) is consistent with the feature set.
!
Instruction Scope
SKILL.md and the code enable auto-discovery and indexing of workspace markdown files, auto-recall injection, and an 'autoCapture' mode that injects system prompts to cause the LLM to call memory_store (i.e., store extracted facts). The code reads/writes user config (~/.config/qmd/index.yml) and creates a SQLite DB under the user's home (~/.openclaw/memory/memex.sqlite). These are coherent for the feature but are broad: autoCapture can persist user-provided content into local DB and document indexing will scan files in user paths. The runtime also resolves ${ENV} references and will throw if referenced env vars are absent, which can affect behavior if you use env templating.
Install Mechanism
No formal install spec in the registry entry, but README/SKILL.md instructs users to clone and run npm install. package.json pulls dependencies from npm (including better-sqlite3, openai, sqlite-vec, fast-glob and a telemetry library). This is expected for a Node plugin, but npm install will fetch third-party packages — review them before running.
!
Credentials
The plugin requires an embedding API key (embedding.apiKey) which is reasonable. However, it also depends on @ofan/telemetry-relay-sdk (a telemetry dependency) and contains a telemetry module (src/telemetry.ts). It's not clear what telemetry is collected or whether it phones home by default or has an opt-out. The reranker/generation features accept optional endpoints and apiKey fields — these are optional but could be configured to external services. No unrelated cloud credentials are requested by default.
Persistence & Privilege
The plugin is not always: true and is user-invocable (normal). It creates and uses local files (SQLite DB under ~/.openclaw/memory, config at ~/.config/qmd), which is expected for a memory/indexing plugin. Combined with autoCapture and document indexing, this gives it persistent local storage of extracted data — expected, but high impact if sensitive data is captured.
What to consider before installing
What to check before installing: - Review telemetry: inspect src/telemetry.ts and the @ofan/telemetry-relay-sdk package to see what is collected and where it is sent, and whether telemetry is enabled by default or can be turned off. Consider installing only if telemetry is transparent and auditable. - Limit automatic capture and indexing: set plugins.entries.memex.config.autoCapture=false and documents.enabled=false (or restrict documents.paths) to prevent automatic scanning and storage while you audit the code. - Inspect for remote endpoints and shell execution: search the full source for network endpoints (http:// or https://), child_process usage (exec/spawn), and any code that runs configured shell commands (the collections format includes an 'update' command field). If any such code exists, confirm it's safe and that it doesn't execute untrusted input. - Protect credentials: use a dedicated, limited-scope API key for embeddings (not a production secret) or point embeddings at a local provider if possible. - Run in isolation first: test the plugin in a disposable account/container and watch outbound network traffic during operation (embedding, telemetry, reranker calls). - If you need assistance: provide the full contents of src/telemetry.ts and src/embedder.ts (or search results for 'telemetry', 'fetch', 'http', 'exec') — these files determine whether data may be exfiltrated or arbitrary commands run. Summary recommendation: the package appears to do what it claims, but telemetry and automatic capture/indexing are the primary reasons to be cautious. Audit telemetry and disable autoCapture/doc indexing until you verify behavior, or run the plugin in an isolated environment.
src/embedder.ts:200
Environment variable access combined with network send.
src/retriever.ts:354
Environment variable access combined with network send.
src/session-indexer.ts:257
Environment variable access combined with network send.
!
src/session-indexer.ts:13
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.5.11
Download zip
latestvk97am73yaahbdsmx91zgygeky183xgch

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Memex — Unified Memory for OpenClaw

LongMemEval (ICLR 2025)

SystemE2E AccuracyReader LLM
Hindsight/TEMPR91.4%GPT-4o
Memex90%GPT-4o
Zep/Graphiti~85%GPT-4o
mem0~78%GPT-4o
MemGPT~75%GPT-4o

Install

clawhub install memex --dir ~/.openclaw/plugins --force
cd ~/.openclaw/plugins/memex && npm install

Minimal Config

Only embedding.apiKey is required:

openclaw config set plugins.slots.memory memex
openclaw config set plugins.entries.memex.config.embedding '{"provider":"openai-compatible","apiKey":"${EMBED_API_KEY}","model":"text-embedding-3-small","baseURL":"https://api.openai.com/v1"}'

Config Reference

Auto-Recall (memory injection)

Injects relevant memories into the prompt before each turn.

# On by default. To disable:
openclaw config set plugins.entries.memex.config.autoRecall false

# Limit to specific agents (default: all agents):
openclaw config set plugins.entries.memex.config.autoRecallAgents '["main","cabbie"]'

# Number of results per turn (default: 3, R@3=90%, R@5=96%):
openclaw config set plugins.entries.memex.config.autoRecallLimit 5

Auto-Capture (LLM-driven storage)

Injects a system prompt nudging the LLM to store facts via memory_store.

# On by default. To disable:
openclaw config set plugins.entries.memex.config.autoCapture false

# Limit to specific agents:
openclaw config set plugins.entries.memex.config.autoCaptureAgents '["main"]'

Scopes (per-agent memory isolation)

Control which agent sees which memories.

# Give an agent access to global + its own scope (default):
openclaw config set plugins.entries.memex.config.scopes.agentAccess.coder '["global","agent:coder"]'

# Isolate an agent — only sees its own memories:
openclaw config set plugins.entries.memex.config.scopes.agentAccess.coder '["agent:coder"]'

# Set all scopes at once:
openclaw config set plugins.entries.memex.config.scopes '{"default":"global","agentAccess":{"main":["global","agent:main"],"coder":["agent:coder"],"infra":["global","agent:infra"]}}'

Document Search

Auto-discovers agent workspace markdown files. On by default.

# Disable:
openclaw config set plugins.entries.memex.config.documents.enabled false

# Change re-index interval (default 30 min, 0 = disabled):
openclaw config set plugins.entries.memex.config.documents.reindexIntervalMinutes 60

Reranker (optional)

Cross-encoder reranker. Off by default. Recommended when autoRecallLimit=1.

openclaw config set plugins.entries.memex.config.reranker '{"enabled":true,"endpoint":"http://localhost:8090/v1/rerank","model":"bge-reranker-v2-m3-Q8_0"}'

All Settings

SettingDefaultDescription
embedding.apiKey(required)Embedding API key
embedding.modeltext-embedding-3-smallEmbedding model
embedding.baseURLOpenAI-compatible endpoint
autoRecalltrueInject memories before each turn
autoRecallAgents(all)Agent whitelist for recall
autoRecallLimit3Results per turn
autoCapturetrueLLM-driven memory storage
autoCaptureAgents(all)Agent whitelist for capture
scopes.defaultglobalDefault memory scope
scopes.agentAccess(all global)Per-agent scope access
documents.enabledtrueDocument search
reranker.enabledfalseCross-encoder reranker

Files

31 total
Select a file
Select a file to preview.

Comments

Loading comments…