Honcho Memory Multiplexer
v0.1.0Install and enable Honcho + the @alloralabs/honcho-memory-mux extension, migrate legacy file memory, and update workspace instructions so agents use memory v...
⭐ 0· 313·1 current·1 all-time
byYung Spook@spooktheducks
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the included code and instructions: the plugin uses the Honcho SDK to provide honcho_* tools, a memory_get fallback for local files, and an agent_end hook to write conversations to Honcho. Optional env vars (HONCHO_API_KEY, HONCHO_BASE_URL, HONCHO_WORKSPACE_ID) and node/npm usage are appropriate for this purpose. Minor documentation inconsistency: the registry metadata lists no required binaries/env, while SKILL.md metadata lists node/npm and optional HONCHO_* envs.
Instruction Scope
SKILL.md instructs scanning the workspace (MEMORY.md, memory/**, AGENTS.md, etc.), creating migration sessions, and uploading user and agent files to Honcho. The instructions call out explicit user confirmation before upload (good). The runtime plugin injects Honcho-derived context into the agent's system prompt (before_agent_start) and automatically persists agent messages to Honcho on agent_end. These actions are coherent with the purpose but have privacy implications: local files and agent conversations can be transmitted to an external service and system prompts will be modified to include retrieved memory context.
Install Mechanism
There is no separate install spec in the registry entry (instruction-only), but the bundle includes a normal Node package (package.json, dist/ files) intended to be installed via OpenClaw's plugin manager or npm. No high-risk arbitrary download URLs or extract-from-unknown-server patterns are present. The presence of code without an explicit install block is a documentation mismatch to be aware of.
Credentials
Only Honcho-related credentials/config (HONCHO_API_KEY, HONCHO_BASE_URL, HONCHO_WORKSPACE_ID) are declared as optional, matching the plugin's need to call Honcho. The plugin will read workspace files and may consult ~/.openclaw/openclaw.json to locate the workspace root; that file can contain other configuration. No unrelated service credentials are requested. Because the plugin uploads local memory and agent messages, granting Honcho access is a sensitive decision and should be limited to trusted endpoints or a self-hosted Honcho instance.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it registers normal lifecycle hooks (gateway_start, before_agent_start, agent_end) as expected for a memory plugin. It does update workspace docs and write local files as part of migration (writes_to_disk=true in SKILL.md). Autonomous invocation is possible (platform default) — combine that with the data-upload behavior when considering risk.
Scan Findings in Context
[system-prompt-override] expected: The plugin explicitly injects Honcho-derived context into the system prompt (before_agent_start). The scanner flagged a system-prompt-override pattern; this is an intended feature for memory injection but is a behavior with influence over agent outputs and should be reviewed before enabling.
Assessment
This extension will scan your workspace (MEMORY.md, memory/**, AGENTS.md, etc.), modify workspace docs, and upload selected local files and agent conversation messages to Honcho (api.honcho.dev by default) unless you point it to a self-hosted endpoint. Before installing: 1) Confirm you trust the Honcho endpoint or run your own Honcho instance (set HONCHO_BASE_URL). 2) Inspect which files will be uploaded and back up any sensitive data. 3) Review the plugin code (included) if you need assurance about exact behavior. 4) Note the plugin injects memory context into agent system prompts — test in a staging workspace first. 5) Ensure you explicitly approve migration/upload prompts when the skill runs; if you need stricter guarantees, avoid granting HONCHO_API_KEY or use a local-only workflow.Like a lobster shell, security has layers — review code before you run it.
latestvk97bsw0172psg3gqsh7ezk60s981w17b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis