ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memoria

v0.2.0

Use Memoria as OpenClaw's durable memory slot. Triggers: "remember this", "save to memory", "what do you remember", "continue from last time", "forget this",...

0· 96·0 current·0 all-time
byi.an@randomradio

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for randomradio/thememoria.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Memoria" (randomradio/thememoria) from ClawHub.
Skill page: https://clawhub.ai/randomradio/thememoria
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install thememoria

ClawHub CLI

Package manager switcher

npx clawhub@latest install thememoria
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, and runtime instructions consistently describe using Memoria as OpenClaw's durable memory and map to the listed memory_* operations. However, the SKILL.md and setup docs reference API_URL/API_KEY/EMBEDDING_API_KEY and explicit plugin installation steps that are not reflected in the registry's declared requirements (registry lists no required env vars or binaries). This mismatch between declared requirements and the documented onboarding is unexpected.
Instruction Scope
The runtime instructions focus on retrieving, storing, correcting, and managing memory via memory_* tools and are scoped to the stated purpose. The setup instructions (in references/setup.md) include network operations (git clone, and a curl | bash installer) and request API keys for cloud/local backends; these are related to enabling the plugin but broaden the surface the operator must trust.
!
Install Mechanism
The registry has no formal install spec, but the included setup docs recommend: (a) openclaw plugin install (safe/expected) and (b) optionally cloning from GitHub or running curl -sSL https://raw.githubusercontent.com/.../install.sh | bash. Piping a remote install script to bash is a high-risk install mechanism because it executes unreviewed code fetched at runtime. The git clone fallback is less risky but still pulls code from an external repo. The instructions do not provide cryptographic verification or pinned release URLs.
!
Credentials
The skill registry declares no required environment variables or primary credential, but the SKILL.md and setup docs explicitly reference MEMORIA_API_URL, API_KEY, and EMBEDDING_API_KEY for cloud and embedded modes. Asking for API keys and endpoints is proportionate to a memory plugin, but the mismatch (documentation requires secrets while registry metadata lists none) is a coherence problem and a user-config/expectation risk.
Persistence & Privilege
The skill does not request always:true and does not declare modifications to other skills or system-wide settings. It is user-invocable and allows autonomous invocation (the platform default). Nothing in the skill requests elevated persistence beyond normal plugin behavior.
What to consider before installing
This skill appears to do what it says (use Memoria as durable memory) but pay attention before installing: 1) The SKILL.md/setup docs ask you to supply MEMORIA_API_URL/API_KEY and an embedding key — those secrets are required for cloud/embedded operation but were not declared in the registry metadata; confirm where those keys will be stored and which network endpoint you will trust. 2) The setup doc suggests running a remote install script via curl | bash; avoid piping unknown scripts into your shell unless you audit the script or use a vetted release. 3) Prefer installing via the official openclaw plugin registry or a checked GitHub release and verify signatures or pinned commit SHAs where possible. 4) Review the upstream Memoria repo (https://github.com/matrixorigin/Memoria) and its install scripts before running them. 5) If you will store sensitive data, ensure the Memoria backend and API endpoint meet your security and privacy requirements. If you want higher confidence, ask the publisher to: add declared env vars to the registry metadata, include a vetted install spec, and avoid recommending curl|bash in their user-facing docs.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧠 Clawdis
latestvk970k15263f8kx31svykqc3ygn83mhk4
96downloads
0stars
1versions
Updated 1mo ago
v0.2.0
MIT-0
i.an@randomradio
latest
Download

Memoria

Use this skill when OpenClaw should treat Memoria as the durable external memory system for the current user or project.

Routing

Pick the smallest reference that matches the task:

  • Install or verify the OpenClaw plugin: references/setup.md
  • Decide which memory tool to use: references/tool-surface.md
  • Daily store, recall, correct, forget behavior: references/operations.md
  • Session lifecycle, goals, recovery, branches, rollback: references/patterns.md

Core Rules

  1. Prefer Memoria tools over MEMORY.md or memory/YYYY-MM-DD.md unless the user explicitly asks for file-based notes.
  2. Do not auto-store every turn. Save durable facts, preferences, decisions, workflows, and meaningful progress.
  3. On task resume or "what do you remember" prompts, retrieve relevant memory first.
  4. Use the most specific tool available: memory_profile for stable preferences, memory_store for general durable memory, memory_correct or memory_forget for repairs.
  5. Before bulk delete, purge, or large rewrites, create a snapshot first.
  6. Use branches for risky or reversible memory experiments, then diff and merge or delete.
  7. After important writes, repairs, rollback, or merges, verify with retrieval or list tools.
  8. Do not claim only memory_search or memory_get exist when other memory_* tools are available.

Default Flow

  1. At conversation start or task resume, use memory_retrieve or memory_search for relevant context.
  2. During the conversation, store only the durable facts worth keeping.
  3. If the user corrects or removes memory, repair it immediately with memory_correct, memory_forget, or memory_purge.
  4. For risky memory maintenance, create a snapshot or branch before mutating state.
  5. At the end of meaningful work, store the durable outcome and clean up obsolete working memory.

Important Notes

  • OpenClaw's built-in file memory (openclaw memory) is separate from Memoria (openclaw memoria).
  • The plugin defaults to explicit writes, not silent auto-capture.
  • memory_get is a compatibility helper; when in doubt, prefer memory_retrieve, memory_search, or memory_list.
  • Memoria's core strengths are semantic retrieval, durable cross-session memory, snapshots, rollback, branches, merge, and governance.

Quick Start

openclaw plugins install @matrixorigin/thememoria
openclaw memoria setup --mode cloud --api-url <MEMORIA_API_URL> --api-key <API_KEY>
openclaw memoria health

Comments

Loading comments...