← Back to Skills Marketplace
1964
Downloads
4
Stars
7
Active Installs
3
Versions
Install in OpenClaw
/install openclaw-mem0
Description
Adds intelligent long-term memory to agents for auto-capturing, recalling, and managing user facts and preferences across sessions.
Usage Guidance
This plugin implements Mem0 memory features and will send stored conversation data to whatever Mem0 host you configure. Before installing: 1) Confirm you intend to provide a Mem0 API key (platform mode) or run a trusted self-hosted Mem0 instance (open-source mode). The registry metadata not listing required env vars is inconsistent—treat the plugin as requiring a Mem0 key. 2) If you care about privacy, prefer self-hosted OSS mode or verify the mem0.ai service and the plugin package on npm/GitHub. 3) Disable Auto‑Capture or set strict customInstructions to avoid storing secrets (passwords, SSNs, API keys); test behavior in a sandboxed agent first. 4) Review the package.json/package-lock or the upstream repository to ensure dependencies are legitimate. 5) Because the plugin injects memories into the system prompt, only enable it for agents you trust. If you want higher assurance, ask the author for a canonical repository/linked release and an explanation for why required env vars are omitted from the registry metadata.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-mem0
Version: 1.0.2
The plugin is designed to integrate Mem0 for long-term memory, which is a legitimate function. However, it is classified as 'suspicious' due to several risky capabilities. The plugin allows configuration of an arbitrary `host` for the Mem0 API and retrieves the `apiKey` (potentially from `process.env`), meaning a compromised configuration could redirect sensitive data (API key, user memories) to an attacker-controlled server. Furthermore, the `lib/mem0.ts` client exposes powerful Mem0 API features like `createWebhook` and `createMemoryExport` via agent tools. While these are legitimate API features, they could be abused through prompt injection against the AI agent to exfiltrate data or establish unauthorized communication channels. The `oss.historyDbPath` in `index.ts` also uses `api.resolvePath`, which could be a local file system vulnerability if the OpenClaw platform's path resolution is not adequately sandboxed.
Capability Assessment
Purpose & Capability
The code and SKILL.md implement a Mem0 memory plugin (platform and OSS modes) which matches the implied purpose. However the registry metadata declares no required environment variables or primary credential while the README/SKILL.md and plugin UI expect a Mem0 API key (MEM0_API_KEY) and host configuration. The package contains mem0ai and other dependencies in package.json/package-lock, but the skill metadata did not declare these needs. Missing top-level description/homepage in the registry is also a minor red flag.
Instruction Scope
SKILL.md instructs the agent to Auto‑Recall (search memories and inject results into the system prompt before each agent turn) and Auto‑Capture (analyze each turn and store key facts after each turn). Those behaviors are expected for a memory plugin but effectively allow automatic modification of system prompts and automatic exfiltration of conversational content to the configured memory backend. The SKILL.md does not instruct reading unrelated local files or other credentials, but the pre-scan flagged 'system-prompt-override' is expected here because the plugin intentionally injects memory into the system prompt.
Install Mechanism
No explicit install spec was provided in the registry (instruction-only), which is lower risk, but the bundle includes source files, package.json, and a package-lock with many dependencies (mem0ai, openclaw, etc.). If you install via the OpenClaw CLI/npm, these dependencies will be fetched from npm. The presence of substantial dependencies is plausible but should be audited (package-lock is large and pulls many transitive libs).
Credentials
The skill metadata lists no required env vars or primary credential, yet SKILL.md and plugin UI examples expect a Mem0 API key (and optionally MEM0_HOST) for platform mode. That mismatch is an inconsistency: the plugin will need credentials to send user memory to the Mem0 backend but the registry did not declare this. Requesting a single API key for the memory backend is proportional to the feature, but the missing declaration and no clear guidance about protecting sensitive info are concerning.
Persistence & Privilege
The plugin is not marked 'always: true' (good). It allows autonomous invocation (default) which is normal for plugins. However Auto‑Recall/Auto‑Capture grant it broad ability to read and inject context and to transmit conversation content to the configured backend — a powerful capability that can leak sensitive data if misconfigured or if the backend is untrusted. The plugin provides controls (customInstructions, toggles) but those rely on operator configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-mem0 - After installation, invoke the skill by name or use
/openclaw-mem0 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- No changes detected in files for version 1.0.2.
- Documentation and functionality remain unchanged from the previous version.
v1.0.1
- Removed integration and unit test files.
- No user-facing or documentation changes.
v1.0.0
Changelog for openclaw-mem0 v1.0.0:
- Initial release of the OpenClaw Mem0 Plugin.
- Adds intelligent long-term memory for agents, enabling them to remember user preferences, facts, and past conversations automatically.
- Supports both platform (cloud via mem0.ai API) and open-source (self-hosted Chroma) modes.
- Implements auto-recall (fetch relevant context) and auto-capture (store key facts) features.
- Provides manual tools for storing, searching, listing, and forgetting memories.
- Includes setup instructions and examples in SKILL.md.
Metadata
Frequently Asked Questions
What is Openclaw Mem0?
Adds intelligent long-term memory to agents for auto-capturing, recalling, and managing user facts and preferences across sessions. It is an AI Agent Skill for Claude Code / OpenClaw, with 1964 downloads so far.
How do I install Openclaw Mem0?
Run "/install openclaw-mem0" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Mem0 free?
Yes, Openclaw Mem0 is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Openclaw Mem0 support?
Openclaw Mem0 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Openclaw Mem0?
It is built and maintained by xRay2016 (@xray2016); the current version is v1.0.2.
More Skills