Long Term Memory with Honcho

Pass

Audited by ClawScan on May 10, 2026.

Overview

This skill transparently installs a Honcho long-term memory plugin, but users should understand that it can upload selected workspace memory files and ongoing conversations to Honcho.

Before installing, review which workspace memory files may be uploaded, confirm that Honcho or your self-hosted endpoint is an acceptable destination, and remember that disabling the plugin stops ongoing observation but may not automatically remove data already uploaded to Honcho.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Conversation content and workspace memory may be retained by Honcho and reused in later interactions.

Why it was flagged

The plugin stores and reuses conversation context across sessions, which is sensitive and can influence future agent behavior. This is clearly disclosed and aligned with the memory feature.

Skill content

Once enabled, the plugin will persistently observe conversations in this workspace and send conversation data to `api.honcho.dev` (or your configured `HONCHO_BASE_URL`) to build and retrieve memory.

Recommendation

Enable it only for workspaces where you are comfortable sending memory and conversation data to Honcho or to your configured self-hosted instance; disable it when not needed.

What this means

Anyone with access to the local OpenClaw configuration may be able to use or recover the Honcho credential depending on how it is stored.

Why it was flagged

The setup flow uses a Honcho API key and stores configuration locally. This is expected for the service integration and is disclosed.

Skill content

Prompt interactively for your Honcho API key ... Write configuration to `~/.openclaw/openclaw.json`

Recommendation

Use a scoped, revocable Honcho API key where possible and protect `~/.openclaw/openclaw.json` with normal local account permissions.

What this means

Installing the plugin gives third-party code access according to OpenClaw plugin permissions and the Honcho setup behavior.

Why it was flagged

The skill directs installation of an external plugin package and, if needed, npm dependency resolution. That is central to the skill, but the installed package contents are not part of the supplied artifact review.

Skill content

`openclaw plugins install @honcho-ai/openclaw-honcho` ... `cd ~/.openclaw/extensions/openclaw-honcho && npm install`

Recommendation

Install only if you trust the Honcho plugin source, and review the plugin package or source repository if your workspace contains sensitive information.