Openclaw Semantic Memory
v1.0.0
Local semantic memory with vector search and Transformers.js. Store, search, and recall conversation context using embeddings (fully local, no API keys).
by zuiho @zuiho-kai
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (local semantic memory with Transformers.js and optional Qdrant) matches the code and manifest. Required binaries (node, npm), dependencies (@xenova/transformers, @qdrant/js-client-rest) and configuration options (qdrantUrl, persistToDisk, storagePath, autoCapture) are all appropriate and expected for this functionality.
Instruction Scope
SKILL.md describes installing, downloading a ~25MB model from Hugging Face, persisting memories to ~/.openclaw-memory/, and optional auto-capture that is disabled by default. The runtime instructions and code reference only local disk paths, the optional Qdrant URL, and the Transformers.js pipeline — they do not instruct the agent to read unrelated system files, environment secrets, or post data to unexpected endpoints. The autoCapture feature can capture user text if enabled; the skill warns about PII and provides opt-in controls.
Install Mechanism
The registry entry includes no automated install spec (instruction-only), which limits automatic disk writes. The project does include package.json and package-lock; following the README or manual install will pull dependencies from npm (including native modules such as sharp and onnxruntime). That is normal for an ML plugin but increases install-time surface (network downloads and native build requirements). No opaque or shortener URLs or extract-from-arbitrary-URL installs were found.
Credentials
The skill declares no required environment variables or primary credential. The only external connection is an optional qdrantUrl configuration (user-provided) and downloading the embedding model from Hugging Face (no API key required). There are no requests for unrelated secrets or multiple unrelated credentials.
Persistence & Privilege
The skill does persist data by default to a user-owned directory (~/.openclaw-memory/) which is appropriate for a memory plugin. always: false and standard autonomous invocation are set. The plugin does not request system-wide privileges or modify other skills' configs. AutoCapture is opt-in and PII capture requires a separate opt-in flag.
Assessment
This plugin appears internally consistent with its stated purpose. Before installing:
1) Be aware it will by default store memories under your home directory (~/.openclaw-memory/); disable persistToDisk if you want volatile memory.
2) The first run downloads a ~25MB model from huggingface.co and npm install will fetch and may build native modules (sharp, onnxruntime) — ensure you have build tools or prefer running in an isolated/test environment.
3) Do not enable autoCapture or allowPIICapture in shared or production environments unless you understand the privacy implications.
4) If you plan to use an external Qdrant server, only configure a trusted endpoint.
5) If concerned, review index.js and package-lock.json locally and install with npm ci to lock dependency versions.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Bins: node, npm
