Openclaw Memory Qdrant
v1.0.15
Local semantic memory with Qdrant and Transformers.js. Store, search, and recall conversation context using vector embeddings (fully local, no API keys).
by zuiho @zuiho-kai
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description (local semantic memory using Qdrant and Transformers.js) match the included package.json, dependencies (@qdrant/js-client-rest and @xenova/transformers), and the code: it provides memory_store/search/forget, optional external Qdrant URL, and local embeddings. Required binaries (node, npm) and no environment variables are appropriate for this purpose.
Instruction Scope
SKILL.md only instructs installing/enabling the plugin, configuring storage and autoCapture, and documents the model download from Hugging Face. The runtime code reads/writes only its own persistPath and uses the configured qdrantUrl if provided. There are no instructions to read unrelated system files or exfiltrate credentials. Note: autoCapture/allowPIICapture are opt-in and documented; default behavior skips PII.
Install Mechanism
The registry metadata lists no explicit install spec (instruction-only), but the skill bundle contains code, package.json and package-lock.json requiring npm dependencies and native modules (sharp, onnxruntime). Installing will require npm (and platform build tools) and will cause downloads from npm and a ~25MB model from huggingface.co. This is expected for local embeddings but is higher friction than a pure instruction-only skill and worth noting.
Credentials
The skill requests no environment variables or credentials. The only external network interactions are explicit and documented: (1) optional qdrantUrl supplied by the user for external Qdrant, and (2) Transformers.js model download from Hugging Face. No hidden env vars or unrelated credentials are requested.
Persistence & Privilege
The plugin defaults to disk persistence (persistToDisk: true) and stores data under ~/.openclaw-memory/ (or a user-specified storagePath). This is coherent with a memory plugin but has privacy implications: persistent storage plus the (opt-in) autoCapture/allowPIICapture features can store PII if misconfigured. always:false and no global config modifications are used, which is appropriate.
Assessment
This plugin appears to do what it claims: local embeddings + Qdrant-backed memory. Before installing:
1) Be aware it will download a ~25MB model from huggingface.co at first run and install native dependencies (sharp, onnxruntime) that may need build tools.
2) It persists data by default to ~/.openclaw-memory/ — set persistToDisk: false if you want volatile memory, and do not enable allowPIICapture unless you accept the privacy risk.
3) If you plan to use an external Qdrant, only provide a trusted server URL.
4) Review index.js (and test-fixes.js) yourself; there is a small implementation concern (use of api.logger in one catch path may be undefined and could cause runtime errors) — this looks like a bug, not malicious code.
5) For highest safety, test in an isolated environment and lock dependency versions (npm ci) before enabling in production.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Bins: node, npm
