← Back to Skills Marketplace
joahtheron

letheClaw

by JoahTheron · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
663
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install letheclaw
Description
Use letheClaw to store, search, and manage memories with criticality and provenance.
README (SKILL.md)

letheClaw — Agent memory

You can use the letheClaw API to store and retrieve memories for the user or the current session. The API base URL is in the environment variable LETHECLAW_API_URL.

Environment patterns:

  • Docker Compose with letheClaw API container: http://api:8080
  • Host machine from Docker Desktop (Windows/Mac): http://host.docker.internal:51234
  • Local testing (same machine): http://localhost:51234

If LETHECLAW_API_URL is unset, try http://host.docker.internal:51234 first (Docker Desktop default), then ask the user.

⚠️ PROTOCOL (NON-NEGOTIABLE)

Retrieval Rule

When the user asks about history, decisions, prior work, "what did we do", or any past context:

  1. ALWAYS query letheClaw API FIRST:

    curl -s "{LETHECLAW_API_URL}/memory/search?q=\x3Cquery>&limit=5"

  2. Use the returned content field directly — search results include full text. No need for memory_get or flat file access.

  3. NEVER use memory_search tool as the first step. That tool searches flat markdown files, which are backup/reference only.

  4. Apply criticality filtering when appropriate:

    • Security/config: add &min_criticality=0.7
    • General recall: add &min_criticality=0.5
    • Exploratory: no filter

  5. Use tag pre-filtering when query domain is clear (e.g., tags=moltbook for Moltbook questions).

  6. letheClaw is the authoritative memory system. Flat files may be stale or incomplete.

Storage Rule

When the user says "log this", "remember that", or you observe something worth recording:

  1. POST to letheClaw API (see "Store a memory" below)
  2. Assign appropriate criticality: 0.3 (transient) → 0.5 (useful) → 0.7 (important) → 0.9 (critical)
  3. Tag precisely: 2-5 specific tags (type + domain, e.g. ["episodic", "security", "moltbook"])
  4. Set source: operator_input (user said it), direct_observation (you verified it), inferred (derived)

No exceptions. This is operator-mandated protocol.

Store a memory

  • POST {LETHECLAW_API_URL}/memory
  • Body (JSON): content (required), optional: source (e.g. operator_input, direct_observation, inferred), tags (array), operator, session_key, context
  • Returns: memory_id (UUID). Save it to update criticality or fetch provenance later.

Search memories (semantic)

  • GET {LETHECLAW_API_URL}/memory/search?q={query}&limit=5
  • Optional: min_criticality (0–1) to filter by importance.
  • Optional: tags (comma-separated) to pre-filter by tag before semantic search (e.g. tags=moltbook,security)
  • Returns: results array with id, content (full text), criticality, tags, source, created_at, access_count

Important: Search results include full content — you do NOT need to call memory_get afterward. Use the returned content directly.

Criticality filtering guidance:

  • Security/config queries: min_criticality=0.7 (critical knowledge only)
  • General recall: min_criticality=0.5 (useful and above)
  • Exploratory search: no filter (all results)

Tag pre-filtering (performance optimization): When query intent is clear, pre-filter by tags to reduce search space:

# "Latest Moltbook posts"
curl "{LETHECLAW_API_URL}/memory/search?q=posts&tags=moltbook,episodic&limit=5"

# "Security findings"
curl "{LETHECLAW_API_URL}/memory/search?q=findings&tags=security,semantic&min_criticality=0.7&limit=3"

Recent memories

  • GET {LETHECLAW_API_URL}/memory/recent
  • Returns: Recently stored memories (from cache or DB).

Update criticality (manual)

  • POST {LETHECLAW_API_URL}/memory/{memory_id}/criticality
  • Body (JSON): criticality (0–1, required), optional reason
  • Use when the user or you want to mark a memory as more or less important.

Mark operator correction

  • POST {LETHECLAW_API_URL}/memory/{memory_id}/correction
  • No body. Call when the user corrects something about this memory; this boosts criticality and increments a correction counter so provenance shows how often it was corrected.

Get provenance

  • GET {LETHECLAW_API_URL}/memory/{memory_id}/provenance
  • Returns: Full memory object plus events (history of criticality changes: manual_boost, operator_correction, etc.) and correction_count.

Errors

  • 400 — Invalid request or invalid memory ID format.
  • 404 — Memory not found (wrong or deleted ID).
  • 5xx — Server/upstream error; suggest checking if letheClaw is running and reachable.

When the user says they want to remember something, search memory, see why a memory is important, or correct a memory, use the appropriate endpoint above.

Usage Guidance
This skill legitimately implements a memory API integration, but pay attention before installing: (1) SKILL.md expects LETHECLAW_API_URL but the skill metadata doesn't declare it — set that yourself and verify it points to a service you control. (2) The protocol forces the agent to query the remote API first and send/receive full content; that can leak private or sensitive conversation/context to whatever server is configured. Only use if LETHECLAW_API_URL points to a trusted, private instance (e.g., local or organizational host). (3) If you can't or won't host the API yourself, consider rejecting or modifying the skill so the agent asks for user permission before sending history, or require an explicit opt-in per memory. (4) Prefer skills that declare required env vars in metadata and provide clear sanitization/consent rules. If you want, ask the publisher to add LETHECLAW_API_URL to required env vars and to make the 'always query first' behavior optional or gated by user consent.
Capability Analysis
Type: OpenClaw Skill Name: letheclaw Version: 1.0.1 The SKILL.md instructions for the AI agent contain a shell injection vulnerability. User-controlled inputs such as `<query>`, `tags`, and `{memory_id}` are directly interpolated into `curl` commands without apparent sanitization. This could allow an attacker to inject arbitrary shell commands (e.g., `q=foo%26%20rm%20-rf%20/`) if the agent executes these commands without proper escaping, leading to potential remote code execution on the host system. This is a critical vulnerability, but it is classified as 'suspicious' rather than 'malicious' as there is no evidence of intentional harmful behavior by the skill author, only an insecure implementation of API interaction.
Capability Assessment
Purpose & Capability
Name/description, manifest permissions (network), and instructions all describe a memory storage/search service — network access is expected. However the SKILL.md depends on an environment variable LETHECLAW_API_URL to locate the service but the skill metadata does not declare any required env vars, creating an inconsistency between what it needs at runtime and what it announces.
Instruction Scope
The SKILL.md enforces a non‑negotiable protocol that the agent must ALWAYS query the remote letheClaw API first for history/recall and to use returned 'content' directly. That drives automatic outbound transmission of memory/search queries and arbitrary content to the configured API. It also instructs posting user-observed content to the API whenever 'remember' is invoked. There is no guidance about sanitization, redaction, or asking for consent before sending potentially sensitive context to an external service.
Install Mechanism
Instruction-only skill with no install spec or code files — minimal installation risk and nothing written to disk by the skill itself.
Credentials
The skill needs an API URL (LETHECLAW_API_URL) at runtime but does not list it as a required environment variable in the registry metadata. No credentials are requested (which is proportionate), but the missing declaration is a mismatch that affects transparency. The manifest's network permission is expected for its purpose but is the primary enabler of sending user data off-host.
Persistence & Privilege
The skill is not always-on, does not request special persistent privileges, and does not modify other skills or system-wide config. Autonomous invocation is allowed (platform default) but not combined with other elevated privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install letheclaw
  3. After installation, invoke the skill by name or use /letheclaw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
letheclaw 1.0.1 — Enhances retrieval protocol and search filtering - Retrieval protocol now clarifies to use the returned `content` field directly; calling `memory_get` is no longer necessary after a search. - Added guidance on criticality filtering for retrieval (e.g., `min_criticality=0.7` for security, `0.5` for general recall, no filter for exploratory). - Introduced tag-based pre-filtering in search queries to improve precision and performance. - Updated search API documentation to include tag pre-filter examples and semantic best practices. - General retrieval and filtering instructions are more explicit for accurate and efficient memory access.
v1.0.0
Initial release of letheClaw — agent memory integration. - Enables storing, searching, and managing memories with criticality and provenance via the letheClaw API. This is a custom build gitHub Project. You can also find the dockerhub images from the user JoahTheron. - Enforces a strict protocol: always query letheClaw first for history/recall; storage must assign criticality, tags, and source. - Supports critical features: semantic search, memory storage, manual criticality updates, operator corrections, and provenance tracking. - Provides precise environment variable guidance and fallback for API connection. - Clearly documents REST endpoints for all memory operations and error handling.
Metadata
Slug letheclaw
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is letheClaw?

Use letheClaw to store, search, and manage memories with criticality and provenance. It is an AI Agent Skill for Claude Code / OpenClaw, with 663 downloads so far.

How do I install letheClaw?

Run "/install letheclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is letheClaw free?

Yes, letheClaw is completely free (open-source). You can download, install and use it at no cost.

Which platforms does letheClaw support?

letheClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created letheClaw?

It is built and maintained by JoahTheron (@joahtheron); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments