← Back to Skills Marketplace

Claw Memory

Name: Claw Memory
Author: siddontang

by siddontang · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

371

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install claw-memory

Description

Shared memory service for AI agents (OpenClaw, KimiClaw, NanoClaw, etc). Use when user asks to store, retrieve, search, or share memories across agent instan...

README (SKILL.md)

Claw Memory Sharing Service

API: https://claw-memory.siddontang.workers.dev

Quick Start

When the user wants to set up Claw Memory, output these commands for them to copy-paste:

Step 1: Install the skill

mkdir -p ~/.openclaw/skills/claw-memory && curl -so ~/.openclaw/skills/claw-memory/SKILL.md https://raw.githubusercontent.com/siddontang/claw-memory/main/SKILL.md

Step 2: Create a memory space

curl -s -X POST https://claw-memory.siddontang.workers.dev/api/tokens | jq .

The response includes a claim_url — open it to claim your database as a permanent TiDB Cloud Starter instance (free). Without claiming, it auto-expires in 30 days.

Step 2b (optional): Create with your own encryption key

curl -s -X POST https://claw-memory.siddontang.workers.dev/api/tokens \
  -H "X-Encryption-Key: \x3CYOUR_SECRET_KEY>" | jq .

If you use an encryption key, include -H "X-Encryption-Key: \x3CYOUR_SECRET_KEY>" on ALL subsequent API calls. Without it, the server cannot decrypt your data.

Step 3: Store your first memory

curl -s -X POST https://claw-memory.siddontang.workers.dev/api/memories \
  -H "Authorization: Bearer \x3CTOKEN_FROM_STEP_2>" \
  -H "Content-Type: application/json" \
  -d '{"content": "Hello from my claw!", "source": "openclaw"}'

When the user says "yes" or confirms, run these commands directly.

Claiming Your Instance (Make It Permanent)

By default, each token gets a TiDB Cloud Zero instance that expires in 30 days. Claim it to make it permanent (free).

Option A: New tokens — claim_url is returned in the POST /api/tokens response. Open it to claim.

Option B: Existing tokens — call the claim endpoint:

curl -s -X POST https://claw-memory.siddontang.workers.dev/api/tokens/\x3CTOKEN>/claim | jq .
# Returns: { claim_url: "https://tidbcloud.com/tidbs/claim/..." }

Then open the claim_url in a browser, log in / sign up to TiDB Cloud, and claim the instance. It becomes a permanent Starter instance — free, no expiry.

After claiming: Your token automatically uses the new permanent instance. No config changes needed.

Architecture

Each token gets its own TiDB Cloud Zero instance (full data isolation)
Connection strings are AES-256-GCM encrypted at rest
Optional client-side encryption via X-Encryption-Key header
Zero instances expire after 30 days — claim to make permanent

API (all memory endpoints need `Authorization: Bearer \x3Ctoken>`)

Method	Endpoint	Body	Description
POST	/api/tokens	—	Create memory space (returns `claim_url`)
GET	/api/tokens/:token/info	—	Space info + stats + `claim_url`
POST	/api/tokens/:token/claim	—	Get/generate claim URL for existing token
POST	/api/memories	`{content, source?, tags?, key?, metadata?}`	Store memory
GET	/api/memories	`?q=&tags=&source=&key=&from=&to=&limit=&offset=`	Search/list
GET	/api/memories/:id	—	Get one
PUT	/api/memories/:id	`{content?, tags?, ...}`	Update
DELETE	/api/memories/:id	—	Delete
POST	/api/memories/bulk	`{memories: [{content, source, tags}...]}`	Bulk import (max 200)

Common Tasks

Upload existing MEMORY.md

# Read the file, then bulk upload
cat ~/.openclaw/workspace/MEMORY.md | jq -Rs '{memories: [{content: ., source: "openclaw", tags: ["memory"], key: "MEMORY.md"}]}' | \
  curl -s -X POST https://claw-memory.siddontang.workers.dev/api/memories/bulk \
  -H "Authorization: Bearer \x3CTOKEN>" \
  -H "Content-Type: application/json" -d @-

Search memories

curl -s "https://claw-memory.siddontang.workers.dev/api/memories?q=\x3CSEARCH>&limit=10" \
  -H "Authorization: Bearer \x3CTOKEN>" | jq .

Create with client-side encryption

curl -s -X POST https://claw-memory.siddontang.workers.dev/api/tokens \
  -H "X-Encryption-Key: \x3CYOUR_SECRET_KEY>" | jq .
# All subsequent requests must include the same X-Encryption-Key header

Encryption

Server key: all connection strings encrypted by default (AES-256-GCM)
Client key (optional): X-Encryption-Key header for double encryption — server alone cannot decrypt

Source: https://github.com/siddontang/claw-memory

Usage Guidance

This skill appears to do what it says: it creates token-backed memory spaces and uploads/searches memories at https://claw-memory.siddontang.workers.dev. Before installing or running it: 1) Inspect the SKILL.md you download (the Quick Start writes a remote SKILL.md into ~/.openclaw/skills). 2) Be aware that uploading/importing (e.g., the MEMORY.md example) will send local file contents to a third-party service — do not upload secrets or sensitive data unless you trust the operator. 3) If you need confidentiality, use the X-Encryption-Key option and keep that key private; without it the service can decrypt your stored data. 4) Verify the GitHub repo and the operator (siddontang) independently if you plan to rely on this long-term. 5) Because the agent can invoke skills autonomously by default, consider requiring explicit user confirmation before allowing commands that read and transmit local files.

Capability Analysis

Type: OpenClaw Skill Name: claw-memory Version: 1.0.0 The skill is classified as suspicious due to two primary reasons. First, the `SKILL.md` file instructs the agent to download and overwrite itself from a remote GitHub URL (`https://raw.githubusercontent.com/siddontang/claw-memory/main/SKILL.md`), introducing a significant supply chain vulnerability that could lead to arbitrary code execution if the GitHub repository is compromised. Second, the skill explicitly reads the content of a local file (`~/.openclaw/workspace/MEMORY.md`) and sends it to an external third-party service (`https://claw-memory.siddontang.workers.dev`). While this aligns with the stated purpose of importing memory, it represents a high data exposure risk if the `MEMORY.md` file contains sensitive user information.

Capability Assessment

✓ Purpose & Capability

The name/description (shared memory for agents) aligns with the actions described in SKILL.md: creating tokens, storing/searching memories, and bulk-importing local MEMORY.md. Required capabilities and files referenced are proportional to the described purpose.

ℹ Instruction Scope

Runtime instructions tell the agent/user to run curl commands that create tokens and upload memory data. They also include a bulk-upload example that reads a local file (~/.openclaw/workspace/MEMORY.md) and sends it to https://claw-memory.siddontang.workers.dev. This is expected for an import/store feature but is a privacy-sensitive action: local content will be transmitted to a third-party service unless you use the optional X-Encryption-Key. The SKILL.md also instructs saving the SKILL.md from GitHub into the skills folder (an installation step).

✓ Install Mechanism

Instruction-only skill (no install spec). The Quick Start suggests curl’ing SKILL.md from raw.githubusercontent.com into ~/.openclaw/skills — a straightforward remote fetch. API endpoints are on a Cloudflare Workers domain. No binary downloads or archive extraction are requested.

✓ Credentials

No environment variables or unrelated credentials are required by the skill. The only secrets involved are tokens returned by the service and an optional X-Encryption-Key for client-side encryption; both are relevant to the stated purpose.

✓ Persistence & Privilege

The skill does not request always:true and does not declare system-wide config modification. The suggested install writes a skill file into the user's ~/.openclaw/skills directory (expected for a skill). Autonomous invocation is allowed by platform default (disable-model-invocation: false).

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install claw-memory
After installation, invoke the skill by name or use /claw-memory
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Shared memory service for AI agents. TiDB Cloud Zero backend with claim-to-Starter flow.

Metadata

Slug claw-memory

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Claw Memory?

Shared memory service for AI agents (OpenClaw, KimiClaw, NanoClaw, etc). Use when user asks to store, retrieve, search, or share memories across agent instan... It is an AI Agent Skill for Claude Code / OpenClaw, with 371 downloads so far.

How do I install Claw Memory?

Run "/install claw-memory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Claw Memory free?

Yes, Claw Memory is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Claw Memory support?

Claw Memory is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Claw Memory?

It is built and maintained by siddontang (@siddontang); the current version is v1.0.0.

More Skills