OpenClaw Memory Qdrant
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: memory-qdrant
Version: 1.0.10

The OpenClaw AgentSkills skill bundle 'memory-qdrant' is classified as benign. The code and documentation clearly outline its purpose as a local semantic memory system. It transparently declares network access for downloading an embedding model from Hugging Face and for optional external Qdrant server connections. Crucially, the `index.js` file implements robust input sanitization (`sanitizeInput`) to prevent XSS and other injection attacks, and includes explicit prompt injection defenses (`formatRelevantMemoriesContext`) to instruct the AI agent not to execute commands found in recalled memories. The `CHANGELOG.md` and `test-fixes.js` files demonstrate a proactive approach to security, detailing fixes for previous vulnerabilities such as ReDoS, memory leaks, and error information leakage, indicating responsible development rather than malicious intent. All dependencies are appropriate for the stated functionality, and there is no evidence of data exfiltration, unauthorized execution, or persistence mechanisms.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
First use may contact Hugging Face and npm/native dependency tooling, which matters in restricted or high-assurance environments.
The skill depends on a remote model download and native npm dependencies during setup/first use. This is disclosed and expected for local embeddings, but it is still a supply-chain and environment consideration.
This plugin downloads a 25MB embedding model from Hugging Face on first run and may require build tools for native dependencies (sharp, onnxruntime).
Install from the intended ClawHub/package source, prefer reproducible installs such as npm ci where applicable, and allow the model download only if you trust the source and need local embeddings.
Stored memories may affect future agent responses, and sensitive details could be recalled later if saved.
The skill can retain conversation-derived memories, including PII if autoCapture is enabled, and can automatically reinsert retrieved memories into future context.
- `autoCapture` (default: false) - Auto-record conversations. Note: trigger patterns include email/phone regex, so enabling this may capture PII.
- `autoRecall` (default: true) - Auto-inject relevant memories
Keep autoCapture off unless you explicitly want it, review or delete stored memories periodically, and avoid storing secrets or highly sensitive personal data.
A remote or shared Qdrant server could expose saved conversation memories to whoever controls or can access that server.
When qdrantUrl is configured, memory text and metadata are sent to that Qdrant server instead of staying only in the process memory.
**Qdrant mode**: Data sent to configured server (use trusted servers only)
Use the default in-memory mode for private local use, or configure only a trusted/local Qdrant instance with appropriate access controls.
