Latest release: v2026.5.28
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
The artifact consistently presents itself as a LanceDB-backed long-term memory plugin, and the code implements memory_store, memory_recall, memory_forget, CLI inspection commands, vector search, auto-recall, and optional auto-capture.
Instruction Scope
Auto-recall is enabled by default once the plugin is configured, while auto-capture only runs when configured true; recalled memories are wrapped as untrusted context and escaped, which reduces prompt-injection risk.
Install Mechanism
The package is a trusted @openclaw official npm-pack release with source-linked metadata, no package lifecycle install scripts, locked dependencies, and command activation rather than startup activation in the manifest.
Credentials
The plugin uses a local default database path under ~/.openclaw and may use configured embedding providers or storage options, including remote endpoints, which is proportionate for a memory/vector-search plugin but has privacy implications.
Persistence & Privilege
Persistent memory storage, deletion, and later prompt injection are core to the plugin; the artifact exposes forget/delete controls and limits auto-capture by triggers, length, duplicate checks, and prompt-injection filters.
Scan Findings in Context
[SQP-2] expected: The agent_end hook can persist selected user messages, including contact-like or preference text, but auto-capture is configuration-gated and matches the advertised memory feature.
[SQP-2] expected: Embedding calls send memory/search text to the configured or host embedding provider; this is an expected data flow for vector search and is surfaced through embedding provider, API key, model, and base URL configuration.
[SQP-2] expected: The manifest and README disclose auto-capture, auto-recall, persistent memory tools, embedding setup, database path, and storage options; the disclosure could be more privacy-explicit but is not hidden or purpose-mismatched.
[SSD-3] expected: Stored memories can later be recalled into prompt context, but the code marks them as untrusted historical data and filters obvious prompt-injection patterns, so this is a managed risk rather than evidence of malicious behavior.
Assessment
Install this only if you want OpenClaw to keep long-term memories. Review the embedding provider and base URL because memory text may be sent there for vectorization, keep auto-capture off unless you want conversation content saved automatically, and use memory_forget or the ltm commands to inspect and delete stored memories.
dist/index.js:237: File appears to expose a hardcoded API secret or token.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
@openclaw/memory-lancedb
Official LanceDB-backed long-term memory plugin for OpenClaw.
This plugin adds persistent memory tools backed by LanceDB, vector search, auto-recall, and auto-capture.
Install
openclaw plugins install @openclaw/memory-lancedb
Restart the Gateway after installing or updating the plugin.
What it provides
- memory_store
- memory_recall
- memory_forget
- LanceDB vector storage and hybrid memory retrieval.
Configure
Use the memory plugin docs for embedding provider setup, storage paths, indexing, and recall behavior:
Package
- Plugin id: memory-lancedb
- Package: @openclaw/memory-lancedb
- Minimum OpenClaw host: 2026.4.10
