OpenClaw Memory Qdrant

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

First use may contact Hugging Face and npm/native dependency tooling, which matters in restricted or high-assurance environments.

Why it was flagged

The skill depends on a remote model download and native npm dependencies during setup/first use. This is disclosed and expected for local embeddings, but it is still a supply-chain and environment consideration.

Skill content

This plugin downloads a 25MB embedding model from Hugging Face on first run and may require build tools for native dependencies (sharp, onnxruntime).

Recommendation

Install from the intended ClawHub/package source, prefer reproducible installs such as npm ci where applicable, and allow the model download only if you trust the source and need local embeddings.

What this means

Stored memories may affect future agent responses, and sensitive details could be recalled later if saved.

Why it was flagged

The skill can retain conversation-derived memories, including PII if autoCapture is enabled, and can automatically reinsert retrieved memories into future context.

Skill content

- `autoCapture` (default: false) - Auto-record conversations. Note: trigger patterns include email/phone regex, so enabling this may capture PII.
- `autoRecall` (default: true) - Auto-inject relevant memories

Recommendation

Keep autoCapture off unless you explicitly want it, review or delete stored memories periodically, and avoid storing secrets or highly sensitive personal data.

What this means

A remote or shared Qdrant server could expose saved conversation memories to whoever controls or can access that server.

Why it was flagged

When qdrantUrl is configured, memory text and metadata are sent to that Qdrant server instead of staying only in the process memory.

Skill content

**Qdrant mode**: Data sent to configured server (use trusted servers only)

Recommendation

Use the default in-memory mode for private local use, or configure only a trusted/local Qdrant instance with appropriate access controls.