Memex Publish

Name: Memex Publish
Author: ofan

Description

Unified memory plugin for OpenClaw — conversation memory + document search in a single SQLite database. 90% E2E accuracy on LongMemEval (ICLR 2025) with GPT-...

Usage Guidance

This plugin implements a full local memory + document-search system but several things don't add up and you should review them before installing: - Missing registry declarations: The registry metadata claims no required env vars, but the plugin requires an embedding API key (embedding.apiKey) and may use optional reranker/generation API keys. Treat the embedding API key as sensitive. - Data flow: The plugin will read local markdown/workspace files and conversation turns, chunk them, and send text to whatever embedding endpoint you configure (OpenAI-compatible or other). If you use a remote embedding provider, that provider will receive the content you index — do not use a shared/production API key if you have sensitive documents. - AutoCapture (prompt injection): By default the plugin enables 'autoCapture', which injects a system prompt that encourages the LLM to call memory_store and persist facts. This can cause automatic storage of sensitive information. Consider disabling autoCapture (openclaw config set plugins.entries.memex.config.autoCapture false) until you review the code and configuration. - Telemetry: The bundle depends on @ofan/telemetry-relay-sdk and calls initTelemetry; inspect src/telemetry.ts to verify what is sent and where. If you do not trust the telemetry endpoint, disable or remove telemetry calls. - Source provenance: The skill's 'Source' is unknown and homepage is none. The package.json points to a GitHub repo but the registry metadata and version numbers differ (openclaw.plugin.json lists 0.5.11, package.json 0.5.12). Prefer plugins from known/trusted origins and verify the upstream repository and releases. - Quick mitigations before installing: set documents.enabled=false, autoCapture=false, autoRecall=false; configure embedding baseURL to a trusted local endpoint or use ephemeral API keys; review src/telemetry.ts and remove/disable telemetry; run the plugin in a sandboxed environment first. If you want, I can: (1) search the provided sources (telemetry.ts, memory-instructions, embedder) for outbound endpoints and explicit network calls, (2) extract the exact lines where autoCapture/system-prompt injection is implemented, or (3) produce a minimal config snippet that disables auto-capture and document indexing.

Capability Analysis

Type: OpenClaw Skill Name: memex Version: 0.5.12 The plugin exhibits several high-risk behaviors that, while potentially functional, align with techniques used for stealth and data collection. Most notably, src/telemetry.ts uses base64 obfuscation for its reporting URL and API token, with a code comment explicitly stating this is done to 'avoid false-positive VirusTotal flags'—a common tactic for evading automated security analysis. Additionally, the 'audit_logs' feature in index.ts and src/health.ts reads local system logs from /tmp/openclaw and transmits them to external LLM providers, posing a significant risk of credential or sensitive data exfiltration. Finally, src/embedder.ts implements a custom HTTP client using raw TCP sockets (node:net) to bypass standard fetch behavior, which is unusual for a high-level plugin and increases the potential for network-based exploitation.

Capability Tags

cryptorequires-wallet

Capability Assessment

ℹ Purpose & Capability

The code and SKILL.md align with a 'memory' plugin: SQLite-backed memories + document indexing + embedding calls. However the registry metadata claims no required env vars/credentials while both openclaw.plugin.json and the SKILL.md clearly require an embedding API key (embedding.apiKey). The plugin imports a telemetry SDK and a reranker/generation config which are plausible for the stated purpose but increase scope.

⚠ Instruction Scope

SKILL.md instructs enabling autoRecall (inject memories before each turn) and autoCapture (injects a system prompt nudging the LLM to call memory_store). AutoCapture is explicit prompt-injection behavior that will cause the LLM to store facts it deems relevant (possible sensitive data). The plugin also auto-discovers and indexes workspace markdown files and provides CLI commands to re-index and re-embed files — legitimate for document search but means the plugin will read many local files and could send their contents to the configured embedding endpoint.

ℹ Install Mechanism

There is no registry install spec, but the SKILL.md gives manual install instructions (clawhub install / npm install). The bundle includes full source (TypeScript) and package.json, which is consistent with a plugin loaded via jiti (no build). No external arbitrary downloads were detected. The mismatch between 'no install spec' and presence of full source is an administrative inconsistency but not itself high risk.

⚠ Credentials

Registry metadata lists no required env vars or primary credential, but the plugin requires an embedding.apiKey (documented and enforced by openclaw.plugin.json/config usage) and allows optional reranker/generation API keys. The plugin also imports a telemetry SDK (@ofan/telemetry-relay-sdk) and calls initTelemetry in index.ts; telemetry may send usage or diagnostic data externally. The registry should have declared these required/optional credentials; their absence is an incoherence and a potential exfiltration risk if users supply keys unknowingly.

✓ Persistence & Privilege

always:false (default) and normal autonomous invocation are used. The plugin modifies/reads only its own config paths and data files (SQLite DB, ~/.config/qmd for collections). It does not request blanket 'always' privilege or claim to change other plugins. Note: because it can auto-capture and index workspace files and call external embedding endpoints, its effective data-access footprint is broad — this is expected for a memory plugin but worth explicit consent.

Version History

v0.5.12

memex v0.5.12 - Added health check endpoint and supporting code for monitoring plugin status. - Introduced a new flush plan feature for managing memory/index state. - Added recall-query functionality for improved memory retrieval handling. - Updated documentation to clarify retrieval accuracy (now “Memory E2E Accuracy”) and enhance clarity. - Made internal improvements to memory, retrieval, and telemetry modules.

v0.5.11

- Overhauled installation and configuration instructions for clarity and accuracy. - Added detailed config options and usage examples for auto-recall, auto-capture, per-agent memory scopes, document search, and reranker features. - Simplified and streamlined the feature description. - Default settings and configuration parameters are now fully documented.

v0.5.10

- Removed legacy documentation and plans from the docs/ directory for a slimmer codebase. - Deleted unused test files and package-lock.json. - No changes to user-facing functionality.

v0.5.9

- Dependency updates in package.json and package-lock.json. - Internal code and metadata maintenance; no user-facing feature changes. - Documentation and metadata unchanged.

v0.5.8

- Major documentation expansion: added extensive docs and planning materials, including benchmarks, comparisons, pipeline, requirements, research, resiliency, and technical plans. - Introduced new test files and infrastructure for benchmarking, chunking, adaptive retrieval, and auto-capture. - Updated configuration and package metadata. - Improved groundwork for feature development and quality evaluation.

v0.5.7

Fix openclaw 2026.3.22 SDK breaking change (plugin-sdk → plugin-sdk/core). Add autoCapture/autoCaptureAgents config.

v0.5.6

Rename memoryInstructions to autoCapture. Add autoCaptureAgents whitelist. Validation warnings for empty/unknown agent lists.

v0.5.5

Remove heuristic auto-capture (~130 lines). Add autoRecallLimit config (default 3). R@5=96%.

v0.5.4

- Usage telemetry via telemetry-relay SDK (plugin_registered, recall, store, forget, error) - autoRecallAgents whitelist — limit recall to specific agents - autoRecallLimit config (default 3, R@3=90%, R@5=96%) - Startup warnings for suboptimal recall config - Reranker recommended when autoRecallLimit=1 - Fix: _registered guard was blocking hook registration

v0.5.3

Fix recall hook registration, Secrets Store for shared CF Access creds, machineId for OpenPanel profiling.

v0.5.2

Telemetry with machineId for OpenPanel profiling, Secrets Store for CF Access.

v0.5.1

Config cleanup, official LongMemEval eval (E2E 90% GPT-4o), vectors_vec bug fix, sessionMemory removed.

v0.5.0

Version alignment. Same as v1.0.0.

v1.0.0

Initial release. R@1=78%, R@3=90%, E2E=88% on LongMemEval.

Metadata

Slug memex

Version 0.5.12

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 14

Frequently Asked Questions

What is Memex Publish?

Unified memory plugin for OpenClaw — conversation memory + document search in a single SQLite database. 90% E2E accuracy on LongMemEval (ICLR 2025) with GPT-... It is an AI Agent Skill for Claude Code / OpenClaw, with 418 downloads so far.

How do I install Memex Publish?

Run "/install memex" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Memex Publish free?

Yes, Memex Publish is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Memex Publish support?

Memex Publish is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Memex Publish?

It is built and maintained by ofan (@ofan); the current version is v0.5.12.

More Skills

What is Memex Publish?

How do I install Memex Publish?

Is Memex Publish free?

Which platforms does Memex Publish support?

Who created Memex Publish?

💬 Comments