← Back to Skills Marketplace

pinecone-memory

Name: pinecone-memory
Author: chenni666

by chenni666 · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

129

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install pinecone-memory

Description

将 OpenClaw 记忆系统接入 Pinecone 向量数据库，用于语义检索与记忆持久化。Use when: 用户要求同步记忆到 Pinecone、执行语义搜索、为记忆做云端备份、对大规模记忆进行高效检索。

Usage Guidance

What to check before installing and running this skill: - Metadata mismatch: the registry metadata claims no required env vars, but the SKILL.md and code require PINECONE_API_KEY and Node.js. Assume PINECONE_API_KEY is required until the registry entry is corrected. - Install safely: run npm install in an isolated environment if you need to install dependencies. Review package.json (it depends on @pinecone-database/pinecone) and prefer installing in a controlled environment (container, VM) first. - Test with non-production credentials: use a throwaway Pinecone API key and a non-production index/namespace when you first run check/sync/heartbeat/cleanup. - Inspect default paths: by default the tool reads MEMORY.md and recursively reads the 'memory' folder — ensure these paths don't include sensitive files. If you pass custom paths, validate them carefully. - Be careful with destructive commands: cleanup deletes namespace data; restore/write operations modify your index. Don’t run cleanup/restore against production namespaces without backups and explicit confirmation. - Local artifacts: the tool writes .pinecone-memory-state.json and JSONL backups. Ensure these files are stored securely (they may contain excerpts of your memories) and exclude them from public repos. - Review code if you need higher assurance: the included tools/pinecone-memory.mjs is readable; if you are not comfortable, have a developer audit network calls and confirm there are no hidden endpoints beyond the Pinecone SDK usage. If you want, I can: - Summarize the remainder of tools/pinecone-memory.mjs (file was truncated in the manifest) and look specifically for network calls or surprising behavior, or - Produce a short checklist/command sequence to safely try this skill in a sandboxed environment.

Capability Analysis

Type: OpenClaw Skill Name: pinecone-memory Version: 1.0.1 The skill is a legitimate utility for integrating Pinecone as a semantic memory backend for OpenClaw. It includes proactive security features such as the `redactSensitive` function in `tools/pinecone-memory.mjs` to strip API keys and passwords from text before syncing. The code follows the stated purpose of document synchronization, querying, and health monitoring using the official Pinecone SDK, with no evidence of data exfiltration to unauthorized endpoints or malicious execution.

Capability Tags

crypto

Capability Assessment

ℹ Purpose & Capability

The skill's stated purpose (persist OpenClaw memory to Pinecone and perform semantic search) aligns with the code and CLI commands: it reads local markdown memory, chunks/redacts text, and upserts/queries a Pinecone index. However the registry metadata provided earlier shows no required env vars or binaries while the SKILL.md (and the code) require Node and PINECONE_API_KEY — that metadata mismatch is an incoherence you should resolve before trusting the skill.

⚠ Instruction Scope

Runtime instructions (SKILL.md) explicitly tell the agent to run node tools/pinecone-memory.mjs with paths like MEMORY.md and 'memory' (a directory). The tool will read arbitrary markdown files under given paths, write a local state file (.pinecone-memory-state.json), write backup JSONL files, and can perform destructive operations (cleanup). Reading local files is expected for a memory-sync tool, but that means the skill will process any files in the supplied paths — if those contain secrets the tool may see them (it tries to redact API keys/tokens/passwords, but redaction is heuristic). The instructions are prescriptive (explicit commands) but grant broad file-read scope via default paths and recursive directory walk; that increases risk if the agent or user accidentally points it to sensitive locations.

ℹ Install Mechanism

Registry shows no install spec (instruction-only), which is lower risk for automatic writes. But the package.json declares a dependency on @pinecone-database/pinecone and Node.js is required; the README/SETUP instructs running npm install. That means installing this skill in practice will fetch an npm package from the public registry — a moderate-risk action (normal for such a tool). There is no remote arbitrary archive download or obscure URL usage in the files provided.

⚠ Credentials

The SKILL.md metadata and code require PINECONE_API_KEY (primary credential) and the code uses it to construct a Pinecone client. That is proportionate to the described purpose. However the registry metadata supplied with the skill bundle incorrectly lists no required env vars — this discrepancy is important to surface: the skill will fail without PINECONE_API_KEY and you should not rely on the registry's empty 'required env' claim. No other secrets (AWS keys, DB creds) are requested in the files provided.

✓ Persistence & Privilege

The skill is not always-enabled and does not request special platform-level privileges. It writes its own state file (.pinecone-memory-state.json), backup JSONL, and suggests cron/heartbeat jobs (user-run). It can perform destructive operations on the target Pinecone namespace (cleanup) which is expected for an index management tool but means you should avoid running cleanup in production namespaces/with production API keys without explicit confirmation.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install pinecone-memory
After installation, invoke the skill by name or use /pinecone-memory
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

- Major refactor: simplified and modularized Pinecone memory skill with a new command-line tool. - Added new tools: check, sync, query, stats, heartbeat, cleanup, backup, and restore (all in tools/pinecone-memory.mjs). - Integrated heartbeat for health check and automated write verification. - Improved, clearer SKILL.md and SETUP.md with concise usage and command examples. - Dropped legacy setup.md/skill.md; restructured documentation and metadata in SKILL.md. - Incremental sync, enhanced error reporting, and structured ID/metadata strategy now standard.

v1.0.0

- Initial release: integrates OpenClaw memory system with Pinecone for scalable semantic retrieval and persistent cloud backup. - Supports upserting and querying structured memory records with namespace and metadata filtering. - Provides robust data modeling standards, write/read consistency strategies, and safety filters for sensitive data. - Detailed trigger, usage, and storage rules for conversation memory, project knowledge, user preferences, and more. - Includes example record/data schemas and configuration samples for easy setup.

Metadata

Slug pinecone-memory

Version 1.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is pinecone-memory?

将 OpenClaw 记忆系统接入 Pinecone 向量数据库，用于语义检索与记忆持久化。Use when: 用户要求同步记忆到 Pinecone、执行语义搜索、为记忆做云端备份、对大规模记忆进行高效检索。 It is an AI Agent Skill for Claude Code / OpenClaw, with 129 downloads so far.

How do I install pinecone-memory?

Run "/install pinecone-memory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is pinecone-memory free?

Yes, pinecone-memory is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does pinecone-memory support?

pinecone-memory is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created pinecone-memory?

It is built and maintained by chenni666 (@chenni666); the current version is v1.0.1.

More Skills