Ollama Memory Embeddings
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: ollama-memory-embeddings Version: 1.0.4 The skill bundle is benign. It transparently configures OpenClaw to use Ollama for memory embeddings, as described in SKILL.md and README.md. The scripts (install.sh, enforce.sh, watchdog.sh, verify.sh, audit.sh) use robust methods for configuration management (e.g., node for JSON parsing, file locking, backups) and input sanitization (e.g., xml_escape for launchd plist). Network activity is confined to the local loopback address (127.0.0.1:11434) for Ollama, and persistence via watchdog.sh is optional and explicitly documented. There is no evidence of data exfiltration, unauthorized remote control, obfuscation, or malicious prompt injection attempts against the AI agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the skill can change how OpenClaw memory search works and may rebuild memory embeddings.
The skill intentionally changes OpenClaw memory-search settings and can run a force reindex. This is purpose-aligned, disclosed, and configurable, but it affects local agent behavior and memory retrieval.
Updates `agents.defaults.memorySearch` in OpenClaw config ... Optional memory reindex during install (`openclaw memory index --force --verbose`)
Use `--dry-run` first if unsure, review the target config path, and only enable reindexing when you are ready to rebuild memory vectors.
A user may not see required local tools from the registry metadata alone before running the skill.
The registry metadata under-declares operational dependencies, while the provided scripts require tools such as node, curl, and ollama. The requirements are disclosed elsewhere, so this is a metadata completeness issue rather than hidden behavior.
Required binaries (all must exist): none ... Env var declarations: none ... No install spec — this is an instruction-only skill.
Confirm `node`, `curl`, and `ollama` are installed and review the scripts before running setup.
Running the installer executes local shell commands and uses local Ollama/OpenClaw tooling.
The installer is a shell script that invokes local command-line tools. This is expected for a local configuration skill and is not hidden, but it is still executable local setup code.
require_cmd node require_cmd curl require_cmd ollama
Run the installer only from the expected skill directory, and use the documented `--dry-run` option to preview changes.
If enabled, the watchdog may keep restoring the Ollama embedding configuration after later manual changes.
The skill can install a persistent launchd watchdog that periodically checks and heals memory-search config drift. This persistence is optional, documented, and removable.
--install-launchd install + load launchd job (macOS)
Enable the watchdog only if you want automatic drift healing, and remove it with `watchdog.sh --uninstall-launchd` or the documented uninstall flow if you no longer need it.