Community code plugin. Review compatibility and verification before install.
Latest release: v0.3.0
Security Scan
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The stated purpose is persistent agent memory, and the plugin coherently registers a context engine plus memory tools for recording, searching, compacting, and rehydrating context. The concern is that the code auto-ingests raw user and assistant message text, while the skill text mainly frames recording as deliberate decisions, observations, tasks, flags, and tool/session metadata.
Instruction Scope
The skill instructs startup retrieval of summaries, recent events, and flags by default, and the search tool performs global cross-session search before honoring a provided session key. That makes memory recall broader than a user may expect from session-scoped parameters.
Install Mechanism
The package is a community OpenClaw context-engine plugin that executes JavaScript but has no setup script, no service installer, and clean static-scan and VirusTotal telemetry. Dependency ranges include openclaw "*", which is a low supply-chain hygiene issue rather than evidence of abuse.
Credentials
The default endpoint is localhost, but the endpoint is configurable and the plugin transmits conversation-derived memory events, checkpoints, heartbeats, summaries, and search requests to that Lethe server using an optional API key. That access is purpose-aligned but sensitive.
Persistence & Privilege
The skill emphasizes append-only durable memory that survives restarts, automatic bootstrap/assemble behavior, and prompt reinjection of summaries and recent events. There is no clear redaction, consent gate, retention limit, or strict deletion model in the artifacts reviewed.
Scan Findings in Context
[SSD-3] expected: Persistent storage and later prompt reuse are core to this memory plugin, but the scanner's concern is accepted because the artifacts show raw message ingestion and broad default retrieval without visible redaction or sensitivity filtering.
[E1] expected: HTTP POST/PUT calls to a Lethe API are expected for memory recording. This is not treated as malicious exfiltration because the destination is configured by the user and defaults locally, but it remains sensitive if pointed at a remote server.
[SDI-4] unexpected: The documented route and session-scoping mismatches are real maintenance and user-expectation issues, especially the global-first search despite a sessionKey parameter, and they contribute to the Review verdict.
[MP3] expected: Memory manipulation is the advertised capability. I do not treat this as malicious by itself, but durable prompt rehydration increases the importance of scoping and redaction controls.
[EA3] expected: The cited wording is general operating guidance for a memory skill and is not enough on its own to show unrelated agency.
[SC1] unexpected: Unpinned or broad dependency ranges are low-severity supply-chain hygiene findings; they are not the main reason for the verdict.
What to consider before installing
Install only if you are comfortable with an agent memory layer storing and later replaying conversation-derived content. Use a trusted local Lethe endpoint unless you intentionally want remote storage, avoid sharing secrets while it is enabled, and verify retention, deletion, redaction, and session-scoping behavior before using it for private or regulated work.