ClawHub
Code Pluginsource linked

Memory Enhancementv1.1.0

BGE-M3记忆增强插件,为OpenClaw添加长期记忆功能

@cv-forever/memory-enhancement·runtime memory-enhancement·by @cv-forever
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:@cv-forever/memory-enhancement
Latest release: v1.1.0Download zip

Capabilities

Tags
executes-codekind:memoryartifact:npm-packnpm-mirror:available
configSchema
Yes
Executes code
Yes
HTTP routes
0
Plugin kind
memory
Runtime ID
memory-enhancement

Compatibility

Built With Open Claw Version
1.0.0
Plugin Api Range
>=2026.2.18
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The artifacts are coherent for a long-term memory plugin: they register memory retrieval/addition tools, query a BGE-M3 HTTP API, persist memories, and inject relevant memories into context. That capability is purpose-aligned but inherently sensitive.
!
Instruction Scope
Memory retrieval is enabled by default and hooks automatically process user messages before prompt building. The add-memory tool encourages saving important conversations, decisions, relationships, and preferences without clear per-item confirmation, sensitivity filtering, or retention boundaries.
Install Mechanism
The npm package does not show an automatic postinstall or service installer. Server setup is manual, but it relies on unpinned Python dependencies and the README includes an optional LaunchDaemon-style persistence example.
!
Credentials
The plugin client defaults to localhost, but the included Mac server binds to 0.0.0.0 and exposes /add_memories, /retrieve, and /clear without authentication. If reachable on a network, other clients could read, poison, or erase stored memories.
!
Persistence & Privilege
The package writes persistent logs under ~/.openclaw/logs and persists memory contents to Redis or disk. Some error/log paths can still record response bodies or message snippets even when detailed content logging is described as disabled, and there is no clear retention or deletion model beyond manual clearing.
Scan Findings in Context
[SDI-4] unexpected: Local logging is expected for debugging, but unconditional response-body logging when detailed logging is said to be disabled is a real privacy mismatch.
[SQP-2] expected: Sending prompts to a memory API and persisting memories are core to this plugin, but automatic default-on transmission plus unauthenticated add/retrieve/clear endpoints make the scope under-controlled.
[SSD-3] expected: Long-term storage of conversation-derived memory is the product purpose, but the artifacts do not demonstrate strong opt-in, minimization, sensitivity filtering, or retention controls.
[SC1] unexpected: The ML and web dependencies are expected, but open-ended requirements reduce reproducibility and make the server harder to secure predictably.
[SC4] unexpected: The dependency advisories are not proof of malicious behavior, but they strengthen the install caution because the server processes untrusted HTTP input and model data.
What to consider before installing
Install only if you deliberately want a long-term memory system that may send conversation text to a local API and retain it. Keep the server bound to localhost or firewalled, do not expose it to shared networks without authentication, avoid storing secrets or sensitive personal data, review and pin server dependencies, and periodically clear both stored memories and ~/.openclaw/logs/memory-enhancement.log.
dist/index.js:1
Environment variable access combined with network send.
dist/index.js:4
File appears to expose a hardcoded API secret or token.
!
openclaw.plugin.json:18
Install source points to URL shortener or raw IP.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/cv-forever/memory-enhancement
Commit
6bb49ae
Tag
6bb49ae
Provenance
No
Scan status
suspicious

Tags

bge-m3
1.0.0
latest
1.1.0
long-term-memory
1.0.0
memory
1.0.0

Memory Enhancement Plugin

BGE-M3 based long-term memory enhancement plugin for OpenClaw.
Automatically retrieves relevant historical memories and injects them into conversation context.

Privacy

Data Flow: This plugin sends user conversation content to a configured BGE-M3 API server for embedding and retrieves relevant historical memories, which are then injected into the agent's context.

Default Configuration (Local-Only): By default, the plugin connects to 127.0.0.1:8080 — a local API server running on your own machine. Your data stays on your device and never leaves your network.

What you should know:

  • Conversation content is sent to the BGE-M3 API server for embedding computation
  • Generated embeddings and memory data are persisted on the server
  • If you override apiHost to a remote server, your conversation data will be sent to that server
  • Logging: by default (logDetailedContent: false), the plugin only logs metadata (query length, status codes, memory count). Set logDetailedContent: true to enable detailed query content logging

Controls:

  • Set enabled: false to completely disable memory retrieval
  • Set logDetailedContent: false (default) to prevent conversation content from appearing in logs
  • Run the BGE-M3 API server locally (default) to keep all data on your machine

Features

  • Automatic memory retrieval — On each session start, queries the BGE-M3 API server for memories relevant to the current context, injects them into before_prompt_build
  • Long-term memory storageadd_memories tool to save important conversations, decisions, and discoveries
  • Memory searchretrieve_memories tool to query stored memories on demand
  • Configurable — threshold, topK, cache, debug logging, all tunable via OpenClaw plugin config

How it works

Session Start
  │
  ▼
before_prompt_build hook
  │
  ├── Extract recent conversation text
  ├── Query BGE-M3 API (POST /retrieve)
  ├── Inject top-K relevant memories into prompt
  │
  ▼
Agent response with memory context

Installation

openclaw plugins install @cv/memory-enhancement
openclaw gateway restart

Configuration

FieldDefaultDescription
enabledtrueEnable/disable the plugin
apiHost127.0.0.1BGE-M3 API server host
apiPort8080BGE-M3 API server port
threshold0.5Similarity threshold (0.0–1.0)
topK3Max memories to inject
timeout15000API call timeout (ms)
maxRetries2Max retries on failure
cacheEnabledtrueEnable query cache
cacheTTL300Cache TTL (seconds)
debugfalseVerbose debug logging
logDetailedContentfalseLog detailed query content (default: false, metadata only)

Prerequisites

  • BGE-M3 API server running on the configured host:port
  • OpenClaw >= 2026.4.0

Server Setup

Memory Enhancement 插件需要一个 BGE-M3 API 服务端来提供记忆检索能力。

服务端代码和部署说明在仓库的 server/ 目录中:

cd server
pip install -r requirements.txt
python3 memory_api_server_mac.py --port 8080

详见 server/README.md

如果需要训练自己的 LoRA 适配器,请参考原始项目仓库(包含完整训练脚本、数据预处理流程和评估工具)。

Version

1.1.0 — Privacy improvements: added Privacy section to README, logDetailedContent config, privacy warning on plugin load

Author

小爪 🐾