ClawHub

Vanar Neutron Memory

v1.3.2

Save and recall agent memory with semantic search. Context that persists across every session.

1· 2.1k·3 current·3 all-time
byVanar Neutron@naeemmaliki036
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (semantic persistent memory) align with the included scripts and hooks. The single required credential (API_KEY) and the API endpoints used (memory/save, memory/search) match the stated purpose.
Instruction Scope
Runtime instructions and scripts consistently send only user and assistant text to the Neutron API and only when you run a command or enable the opt‑in hooks. Minor inconsistencies: SKILL.md/SETUP.md state "No local files are read" while the scripts will read an optional credentials file (~/.config/neutron/credentials.json) if present; pre-hook comments mention stdin but the code reads OPENCLAW_USER_MESSAGE env var. These are implementation details rather than malicious behavior, but they should be noted.
Install Mechanism
Instruction-only skill with small readable bash scripts, no install spec, no downloaded archives or binaries. No hidden install steps detected.
Credentials
Only one credential (API_KEY) is required/declared and is used for Authorization to the Neutron API. The hooks consult only expected variables (OPENCLAW_USER_MESSAGE, OPENCLAW_AI_RESPONSE) and an optional credentials file; no unrelated secrets or services are requested.
Persistence & Privilege
The skill is not forced always-on. Auto-capture/auto-recall are opt-in via explicit environment variables. The skill does not modify other skills or system-wide configs beyond optionally reading/using a local credentials file.
Scan Findings in Context
[pre-scan-none-detected] expected: The static pre-scan reported no regex findings. The asset is small shell scripts and documentation; the manual code review here found no obfuscated behavior or hidden endpoints beyond the documented api-neutron.vanarchain.com.
Assessment
This skill appears to do what it claims, but you should be aware of privacy implications before enabling auto-capture/auto-recall: enabling those hooks will send user messages and assistant responses to a third‑party API (api-neutron.vanarchain.com). Recommendations: (1) Only enable VANAR_AUTO_CAPTURE/VANAR_AUTO_RECALL if you trust the provider and accept that conversation content will be transmitted and stored. (2) Store your API key with care — prefer a credentials file restricted to your user (chmod 600 ~/.config/neutron/credentials.json) or use a short‑lived key, and avoid committing keys to dotfiles in shared repos. (3) Verify the API endpoint and provider (openclaw.vanarchain.com / api-neutron.vanarchain.com) independently and review their privacy/retention policies. (4) If you enable hooks, test with non-sensitive data first. (5) Note the small documentation mismatch: SKILL.md says "No local files are read" but the scripts will read an optional credentials file if present; consider that when configuring. If you need higher assurance, run the scripts in an isolated environment and monitor outbound network calls before trusting them with sensitive data.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧠 Clawdis
EnvAPI_KEY
Primary envAPI_KEY
latestvk97ewrtvx3nbewpg0d3k1ey0ah82064p
2.1kdownloads
1stars
13versions
Updated 1mo ago
v1.3.2
MIT-0
Vanar Neutron@naeemmaliki036
latest
Download

Neutron Memory

Every conversation, preference, and decision your agent makes can persist across sessions. Save what matters, and when you need it, semantic search finds the right context by meaning — not keywords. Every session builds on the last.

How It Works

Manual — save and search with simple commands:

  1. ./scripts/neutron-memory.sh save "user prefers dark mode" "Preferences" — save context
  2. ./scripts/neutron-memory.sh search "what theme does the user like" — find it by meaning

Automatic (opt-in) — enable hooks to capture and recall automatically:

  1. Auto-Capture saves conversations after each AI turn
  2. Auto-Recall finds relevant memories before each AI turn and injects them as context

Quick Start

See SETUP.md for the full setup guide. TL;DR:

  1. Get a free API key at https://openclaw.vanarchain.com/ ($20 free credits, no credit card)
  2. export API_KEY=nk_your_key
  3. ./scripts/neutron-memory.sh test

Commands

Save

./scripts/neutron-memory.sh save "Content to remember" "Title"

Search

./scripts/neutron-memory.sh search "what do I know about X" 10 0.5

Arguments: QUERY LIMIT THRESHOLD(0-1)

Diagnose

./scripts/neutron-memory.sh diagnose

Checks all prerequisites: curl, jq, API key, connectivity, and authentication.

Hooks (Auto-Capture & Auto-Recall)

  • hooks/pre-tool-use.shAuto-Recall: Queries memories before AI turn, injects relevant context
  • hooks/post-tool-use.shAuto-Capture: Saves conversation after AI turn

Both are disabled by default (opt-in only). To enable:

export VANAR_AUTO_RECALL=true
export VANAR_AUTO_CAPTURE=true

API Endpoints

  • POST /memory/save — Save text (multipart/form-data)
  • POST /memory/search — Semantic search (JSON body)

Auth: Authorization: Bearer $API_KEY — that's it. No other credentials needed.

Security & Privacy

No data is sent unless you run a command or explicitly enable auto-capture/auto-recall. Both hooks are disabled by default.

This skill only sends data you explicitly save (or opt-in auto-captured conversations) to the Neutron API. Here's exactly what happens:

ActionWhat's sentWhere
SaveThe text you pass to save or auto-captured conversation turnsPOST /memory/save over HTTPS
SearchYour search query textPOST /memory/search over HTTPS
Auto-RecallThe user's latest message (used as search query)POST /memory/search over HTTPS
Auto-CaptureUser: {message}\nAssistant: {response}POST /memory/save over HTTPS

What is NOT sent:

  • No local files are read or uploaded
  • No environment variables (other than the API key for auth)
  • No system information, file paths, or directory contents
  • No data from other tools or skills

All communication is over HTTPS to api-neutron.vanarchain.com. The source code is fully readable in the scripts/ and hooks/ directories — three short bash scripts, no compiled binaries.

Comments

Loading comments...