Description

Correlation-aware memory search plugin for OpenClaw — automatically retrieves related decision contexts when you query memory. Zero external dependencies. In...

README (SKILL.md)

Correlation Memory Plugin

Name: Correlation Memory Search
Author: ether-btc

Correlation-aware memory search for OpenClaw — automatically retrieves related contexts when you query memory.

What It Does

When you search memory for topic X, this plugin also fetches related contexts Y and Z that consistently matter together — based on correlation rules you define.

Example: search for "backup error" → plugin also retrieves "last backup time", "recovery procedures", and "similar errors" — because those contexts are correlated by rule.

Key Features

Decision-context retrieval — surfacing related information before you ask for it
Word-boundary keyword matching — no false positives from partial matches
Confidence scoring — filter/sort by how reliable a correlation is
Multiple matching modes — auto, strict, lenient
Result limiting — max_results parameter prevents output bloat
mtime cache — rules reloaded only when correlation-rules.json changes
LRU regex cache — bounded at 500 entries, no memory leaks
Debug tool — understand why a given context triggered specific correlations
Lifecycle states — rules can be promoted/archived/disabled without deletion

Security

Zero external runtime dependencies (index.ts only imports openclaw/plugin-sdk)
Read-only local file operations (no network, no writes)
No credential or environment variable access
Workspace path resolved via OpenClaw SDK only
npm install fetches only openclaw (peerDep) + vitest (devDep, not bundled) — no postinstall scripts

Correlation Rules

Rules live in memory/correlation-rules.json in your workspace. Example:

{
  "id": "cr-config-001",
  "trigger_context": "config-change",
  "trigger_keywords": ["config", "setting", "openclaw.json", "modify"],
  "must_also_fetch": ["backup-location", "rollback-instructions"],
  "relationship_type": "constrains",
  "confidence": 0.95,
  "lifecycle": { "state": "promoted" }
}

Active states: promoted, active, testing, validated, proposal

Tools Provided

Tool	Description
`memory_search_with_correlation`	Enhanced memory search — automatically fetches correlated contexts from correlation rules
`correlation_check`	Debug tool — shows which rules matched and why without performing searches

Installation

cd ~/.openclaw/extensions
git clone https://github.com/ether-btc/openclaw-correlation-plugin.git correlation-memory
cd correlation-memory && npm install

# Add to openclaw.json
openclaw plugins install correlation-memory
openclaw gateway restart

Requires OpenClaw >= 2026.1.26.

Note: npm install pulls the OpenClaw peer dependency and vitest (dev/test only). The runtime plugin makes no network calls and has zero external dependencies.

This package largely appears to implement the stated correlation-memory feature, but there are notable contradictions you should verify before installing: - Inspect index.ts (and any scripts under scripts/ or the repo root) for any network calls (http(s), WebSocket, fetch, axios, node 'net' or 'http' usage), webhook endpoints, or process.env access. The CHANGELOG mentions webhook HMAC behavior which conflicts with the 'no network' claim. - Open package.json and package-lock.json: confirm runtime dependencies are only the OpenClaw SDK peer dependency (and that npm won't pull unexpected runtime packages or postinstall scripts). Look for postinstall/postinstall scripts or unusual install hooks. - Grep the repo for suspicious strings: 'fetch(', 'require("http"', 'process.env', 'https://', 'WEBHOOK', 'HMAC', 'ssh', 'curl', 'scp', or IP addresses. If you find network code, identify where and why it runs (startup vs opt-in debug path). - Review uninstall.sh to understand exactly what it writes/backs up and whether you consent to those modifications. Test uninstall in a sandbox or staging OpenClaw config first. - If you require a strict 'no-network, no-environment' guarantee, do not install until index.ts and scripts are audited and you confirm no outbound network or secret-reading behavior. - Prefer installing from an authenticated source: verify the GitHub repo owner, check commit history/signatures, and validate the package contents (SHA) if available. The registry metadata lacks a homepage and source verification which lowers trust. If you want, I can: (1) show a prioritized checklist of exact grep commands to run locally, or (2) analyze the index.ts and uninstall.sh contents here if you paste them (or allow me to extract specific parts) and report any network/env/file-write operations I find.

Capability Analysis

Type: OpenClaw Skill Name: correlation-memory Version: 2.1.0 The correlation-memory skill bundle is a legitimate plugin for OpenClaw designed to enhance memory search by automatically retrieving related contexts based on user-defined rules. The core logic in index.ts is well-implemented, featuring keyword matching with regex word boundaries, an LRU cache for performance, and strict input validation for tool parameters. The plugin adheres to its stated security constraints, performing only read-only local file operations on the correlation-rules.json file and making no network requests or environment variable calls. The bundle includes comprehensive documentation, unit tests (tests/correlation.test.ts), and a functional uninstaller script (uninstall.sh). No evidence of malicious intent, data exfiltration, or prompt injection was found.

Capability Tags

crypto

Capability Assessment

⚠ Purpose & Capability

The stated purpose (fetch correlated memory contexts) is consistent with the repo contents (rules, examples, tools). However the docs/changelog mention webhooks, heartbeat integration and an included surfacing script (correlation-surfacing.sh) which implies proactive scanning and possible network/webhook interactions — this contradicts the SKILL.md/README assertion of 'no network' and 'zero external runtime dependencies'.

⚠ Instruction Scope

SKILL.md instructs cloning from GitHub and running npm install and installing as an OpenClaw plugin (expected). But the docs recommend heartbeat integration that invokes a provided script periodically (surfacing on every N heartbeats) which expands runtime behavior beyond just responding to explicit memory queries. Uninstall.sh edits OpenClaw config (writes) and accepts OPENCLAW_CONFIG_PATH — SKILL.md claimed 'read-only local file operations' for runtime, but the bundled scripts do perform writes (during uninstall) and the plugin repository contains scripts that read session context. The instructions also claim no env var usage while some scripts/docs mention environment variables and the uninstall script accepts one.

ℹ Install Mechanism

There is no platform-provided install spec in the registry, but SKILL.md instructs users to git clone https://github.com/ether-btc/openclaw-correlation-plugin.git and run npm install. GitHub is a common host and not inherently suspicious, but any git+npm install downloads code to disk and pulls packages from npm (package-lock.json is present). The skill's text claims 'zero external runtime dependencies' and that npm will only pull a peer dependency and devDeps — this should be verified by inspecting package.json / package-lock.json to confirm there are no runtime dependencies or postinstall scripts.

⚠ Credentials

Registry metadata lists no required env vars, and SKILL.md claims no credential or env access. But multiple docs reference environment variables: uninstall.sh honors OPENCLAW_CONFIG_PATH, CHANGELOG references 'Secrets via environment variables (not hardcoded)', and production docs talk about heartbeat scripts that will read session context (which may contain secrets). These contradictions mean the claim of 'no env/credential access' is not fully supported by the repo metadata; inspect code for process.env usage and any code that reads credential/config files.

ℹ Persistence & Privilege

The skill is not force-installed (always: false) and uses normal plugin lifecycle; it doesn't request global privileges in the registry metadata. However the repository encourages placing a surfacing script into your heartbeat loop (proactive periodic execution) and includes an uninstall script that modifies ~/.openclaw/openclaw.json — both behaviors increase runtime presence compared with a purely on-demand tool. This is explainable for this plugin's purpose but worth confirming you want periodic surfacing.

Version History

v2.1.0

v2.1.0: correlation-stack-consolidation P0-P3 (Phase 0: 12 rules mapped, 51/51 contexts resolved; Phase 1: correlation-surfacing.sh; Phase 2: HEARTBEAT.md integration; Phase 3: 17 stub memory files; rule engine optimizations; security: HMAC-SHA256 webhook, XSS sanitization)

v2.0.3

SKILL.md fixes: correct tool names (memory_search_with_correlation/correlation_check), clarify zero runtime deps, confirm no postinstall scripts

v2.0.2

SKILL.md added (required for ClawHub publish); SE review passed all categories

Metadata

Slug correlation-memory

Version 2.1.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is Correlation Memory Search?

Correlation-aware memory search plugin for OpenClaw — automatically retrieves related decision contexts when you query memory. Zero external dependencies. In... It is an AI Agent Skill for Claude Code / OpenClaw, with 113 downloads so far.

How do I install Correlation Memory Search?

Run "/install correlation-memory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Correlation Memory Search free?

Yes, Correlation Memory Search is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Correlation Memory Search support?

Correlation Memory Search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Correlation Memory Search?

It is built and maintained by austrian_guy (@ether-btc); the current version is v2.1.0.

More Skills

Correlation Memory Search