Code Plugin · source linked

Lobu v11.0.0

Lobu memory plugin for OpenClaw

lobu·runtime openclaw-lobu·by @buremba
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:lobu
Latest release: v11.0.0

Capabilities

configSchema: Yes
Executes code: Yes
HTTP routes: 0
Plugin kind: memory
Runtime ID: openclaw-lobu

Compatibility

Built With Open Claw Version: 2026.5.7
Plugin Api Range: >=2026.4.0

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The memory purpose is coherent for search/save memory, auto-recall, and auto-capture, but the manifest and runtime allowlist also include lobu_search_sdk, lobu_query_sdk, lobu_query_sql, and lobu_run_sdk; the runtime text describes lobu_run_sdk as full SDK execution, which is broader than a memory-only plugin.
! Instruction Scope
The README discloses autoRecall and autoCapture defaults, but the runtime automatically captures the latest user and assistant messages after sessions and sends them to save_memory without artifact-level redaction, retention, or per-session consent controls.
Install Mechanism
The npm package has no install/postinstall lifecycle script. Authentication is configured through token, tokenCommand, or device login; tokenCommand intentionally executes a configured shell command to obtain a bearer token.
! Credentials
Network access to the configured MCP endpoint is expected, but after login or when a stored token exists the plugin auto-starts a detached npx connector-worker daemon with the access token, which is not clearly disclosed in the README or manifest.
! Persistence & Privilege
The plugin persists OAuth tokens under ~/.lobu/openclaw-auth.json with restrictive file permissions and automatically persists conversation observations to remote memory when autoCapture is enabled by default; review/delete/retention controls are not described in the artifacts.
Scan Findings in Context
[SDI-1] unexpected: Verified in artifact: the plugin name, kind, and README present memory functionality, while runtime registration also permits SDK and SQL tools. This supports a Review concern rather than a malicious verdict.
[SDI-2] unexpected: Verified in artifact: the hardcoded allowlist includes search_sdk, query_sdk, query_sql, and run_sdk. These tools are only registered if the MCP server exposes them, but they are still broader than the stated memory purpose.
[SQP-2] expected: Auto-capturing conversation observations is aligned with a memory plugin and is disclosed, but default-on remote storage of prompt/response content lacks clear privacy, redaction, and retention guidance.
[SQP-1] expected: Search/save memory actions are expected, but the same plugin also exposes higher-impact SDK/SQL actions without clear consent boundaries in the manifest description.
[SQP-3] expected: The default true autoCapture setting is explicitly present in the schema and README, but it materially increases privacy risk because conversation content may be stored automatically.
[suspicious.dangerous_exec] expected: The detected command execution is mostly explained by tokenCommand handling and short node subprocesses; however, the auto-started npx connector-worker daemon is under-disclosed and contributes to the Review verdict.
[suspicious.exposed_secret_literal] expected: The cited clientSecret handling is not a hardcoded secret; it stores an OAuth client secret returned during device login when present.
[suspicious.potential_exfiltration] expected: Reading stored Lobu auth tokens and using them for MCP requests is expected for this authentication model, with local token storage permissions set to 0600.
[VirusTotal] expected: VirusTotal telemetry was clean and does not add negative evidence.
What to consider before installing
Install only if you are comfortable giving this plugin access to your Lobu MCP workspace, allowing default automatic capture of conversation snippets into remote long-term memory, and exposing Lobu SDK/SQL execution tools to the agent. Consider disabling autoCapture unless you have clear data-handling rules, and avoid using it with secrets or sensitive business data unless Lobu retention and deletion controls are acceptable.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
dist/index.js:359 - Shell command execution detected (child_process).
dist/index.js:252 - Environment variable access combined with network send.
dist/index.js:183 - File appears to expose a hardcoded API secret or token.
! dist/index.js:155 - Sensitive-looking file read is paired with a network send.

Verification

Tier: source linked
Scope: artifact only
Summary: Validated package structure and linked the release to source metadata.
Commit: 16970611226e
Tag: 16970611226e0841b0a7d868c31af704e8eecb45
Provenance: No
Scan status: suspicious

Tags

latest: 11.0.0

@lobu/openclaw-plugin

Lobu memory plugin for OpenClaw. Gives OpenClaw agents persistent, structured memory over MCP — recall relevant facts before each prompt and capture new observations after each session.

Full install guide: lobu.ai/connect-from/openclaw

Install

openclaw plugins install @lobu/openclaw-plugin

Then log in and configure against your Lobu memory MCP endpoint:

lobu login
lobu memory configure --url <mcp-url> --org <org-slug>
lobu memory health --url <mcp-url> --org <org-slug>

Replace <mcp-url> with your workspace MCP URL (for example https://lobu.ai/mcp/acme, or http://localhost:8787/mcp for the local runtime). lobu memory configure writes a tokenCommand that uses lobu token --raw, so the plugin reuses the top-level Lobu CLI login.

Configuration

| Field | Description |
| --- | --- |
| mcpUrl | Full MCP endpoint URL. Required. |
| webUrl | Public web URL for the Lobu memory instance. Used to generate links shown to the agent. |
| token | Bearer token for MCP requests. Optional — if unset, the plugin runs interactive device login. |
| tokenCommand | Shell command that prints a bearer token to stdout. Alternative to token. |
| headers | Extra HTTP headers for MCP requests. |
| autoRecall | Search Lobu memory for relevant memories before each prompt. Default true. |
| recallLimit | Maximum recalled memory records per request. Default 6. |
| autoCapture | Capture conversation observations as long-term memories after each session. Default true. |
| agentId | Agent ID this plugin instance is bound to. When set, autoCapture stamps metadata.agent_id on every save so search_memory's agent_id filter can scope recall to this agent's own writes. Falls back to LOBU_AGENT_ID env. |

See openclaw.plugin.json for the full schema.
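
An added example, not part of the plugin or its README: a small Python audit that checks the settings listed above against the scan findings on this page. It assumes the plugin settings have already been loaded into a dict (where OpenClaw stores them is not shown here); the function names and the sample host mcp.example.test are hypothetical.

```python
import os
import stat
from urllib.parse import urlparse

# Defaults as stated in the configuration table above.
DEFAULTS = {"autoRecall": True, "autoCapture": True, "recallLimit": 6}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_lobu_config(cfg, env=None):
    """Return (field, finding) pairs for a dict of Lobu plugin settings."""
    env = os.environ if env is None else env
    eff = {**DEFAULTS, **cfg}          # apply documented defaults first
    out = []
    url = urlparse(eff.get("mcpUrl") or "")
    if not url.scheme or not url.hostname:
        out.append(("mcpUrl", "missing or not a URL (required field)"))
    elif url.scheme != "https" and url.hostname not in LOOPBACK:
        out.append(("mcpUrl", "bearer token sent over cleartext HTTP"))
    if eff["autoCapture"]:
        out.append(("autoCapture", "conversation content saved to remote memory"))
        if not (eff.get("agentId") or env.get("LOBU_AGENT_ID")):
            out.append(("agentId", "captures carry no agent_id to scope recall"))
    if eff.get("token"):
        out.append(("token", "bearer token stored inline in the config"))
    if eff.get("tokenCommand"):
        out.append(("tokenCommand",
                    "executed as a shell command: " + eff["tokenCommand"]))
    return out

def token_file_is_private(path):
    """True if the file is absent or grants nothing to group/other (0600 or tighter)."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return True
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0

if __name__ == "__main__":
    # Constructed sample: an install that relies on the documented defaults.
    sample = {"mcpUrl": "http://mcp.example.test/mcp",
              "tokenCommand": "lobu token --raw"}
    for field, finding in audit_lobu_config(sample, env={}):
        print(f"{field}: {finding}")
    print("token file private:",
          token_file_is_private(os.path.expanduser("~/.lobu/openclaw-auth.json")))
```

A tokenCommand finding is informational: review the printed command rather than treating its presence as a failure, since lobu memory configure writes one by design.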

License

BUSL-1.1. See the repository LICENSE.