← Back to Skills Marketplace
shivaclaw

Trident Plugin

by Shiva&G · GitHub ↗ · v2.0.0 · MIT-0
cross-platform ⚠ suspicious
62
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install project-trident-plugin
Description
Permanent memory for OpenClaw agents. Lossless capture, intelligent routing, semantic recall, and disaster recovery in five tiers.
Usage Guidance
What to check before installing Trident: - Inspect the code and scripts: open index.ts, any scripts/install.sh, activate.sh, and plugin-manifest.json to see exactly what will run on activation (downloads, file writes, cron setup). - Verify binary sources and hashes: the plugin will download native binaries (Qdrant, FalkorDB). Confirm the exact download URLs and compare SHA256 signatures before allowing automatic setup. The qdrant example uses GitHub releases (reasonable); FalkorDB source is not consistently shown — confirm it. - Confirm where credentials are expected: docs reference embedding APIs and Qdrant API keys but the registry lists no required env vars. Decide how you will supply secrets (secure vault / environment) and ensure they are not stored in plaintext in config files. - Run in a sandbox first: if possible, test in an isolated VM/container with limited network and filesystem access to confirm behavior and outputs before enabling on your main agent. - Check template integrity and audit logs: the plugin claims SHA256 template verification and audit logging — verify these mechanisms are implemented and that the approval workflow prevents unverified templates from running automatically. - Consider disabling semantic recall initially: if you don't need vector search, keep semantic_recall_disabled until you review the binary installs, credential handling, and code. - Back up existing memory: before migrating or activating, back up ~/.openclaw/workspace/memory and any related files. Why I flagged this as suspicious (not outright malicious): the overall feature set fits the stated purpose, but there are inconsistent documentation claims and runtime behaviors (automatic binary downloads, scheduled execution, undeclared credential needs) that increase risk. If you can review the code and verify download URLs and signature checks, many of these concerns can be mitigated.
Capability Analysis
Type: OpenClaw Skill Name: project-trident-plugin Version: 2.0.0 The Trident plugin implements a complex, five-tier memory system that introduces high-risk behaviors, most notably the automatic downloading and execution of external binaries (Qdrant and FalkorDB) and the establishment of persistence via cron jobs for 'signal routing.' While these capabilities are plausibly required for the stated purpose of providing a persistent vector and graph-based memory, the combination of remote binary execution, broad file system permissions (~/.openclaw/workspace/), and background task scheduling creates a significant attack surface. The absence of the actual lifecycle scripts (install.sh, activate.sh) mentioned in the manifest prevents a full verification of the installation logic.
Capability Tags
cryptorequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The declared purpose (agent memory, capture, routing, optional semantic recall) aligns with the files and tooling described (SQLite, .md buckets, Qdrant, FalkorDB, git backups). However there are internal inconsistencies: SKILL.md emphasizes Layer 1.5 (semantic recall) as "MANDATORY" in v2.0, while many install/config examples show semantic_recall_enabled: false and provide a "Trident Lite (No Docker)" path. Also docs say "No credentials in config — API keys expected from environment" but the package references qdrant_api_key, embedding_model keys, and other secrets in config.schema examples. These mismatches reduce confidence that requirements are fully specified.
Instruction Scope
Runtime instructions include: creating and writing to ~/.openclaw/workspace/memory, scheduling a cron-like Layer 0.5 signal router, copying and enforcing SHA256 checks for prompt templates, and automatically checking for — and downloading/extracting — native binaries (Qdrant, FalkorDB) on first run. Those are broad actions: network downloads + extraction and scheduled autonomous execution of prompt templates. The instructions also tell the agent to run 'openclaw trident setup-binaries' and to schedule/activate cron tasks; these operations can introduce complex I/O and networking at runtime. The SKILL.md and INSTALL.md also instruct editing/loading of openclaw.json and managing keys, but the registry metadata declares no required environment variables — a mismatch that means the runtime agent may request secrets not declared ahead of install.
Install Mechanism
There is no install spec in the registry (instruction-only), lowering static install risk. However the plugin's runtime behaviour explicitly performs network downloads and extracts native binaries (Qdrant and FalkorDB). The qdrant install example uses a GitHub releases URL (reasonable), but FalkorDB's binary source is not consistently documented in the provided excerpts. Automatic download+extract behavior is higher-risk than pure instruction-only usage because arbitrary binaries will be written and started on the host; you should verify the exact URLs and hashes before allowing setup-binaries to run.
Credentials
Registry metadata lists no required env vars or primary credential, but the docs and config.schema reference API keys and embedding providers (Anthropic/OpenAI embeddings, Qdrant API key, FalkorDB graph key). The package also says "No credentials in config — API keys expected from environment." That is inconsistent: the plugin will need external credentials for cloud-mode Qdrant/embeddings, but it does not declare them in the manifest. This mismatch could lead to the agent requesting sensitive keys at runtime without them being declared in the registry metadata.
Persistence & Privilege
The plugin creates persistent state (memory files under ~/.openclaw/workspace/memory), schedules recurring work (Layer 0.5 cron/heartbeat), and can auto-install/run native binaries. These behaviors are expected for a persistent-memory plugin, and 'always: false' is set (good). However autonomous invocation combined with auto-downloaded binaries and scheduled task creation raises the blast radius if the plugin or templates are malicious or tampered with — review template integrity checks and cron scope before enabling.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install project-trident-plugin
  3. After installation, invoke the skill by name or use /project-trident-plugin
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
**Major release: Trident v2.0 introduces a full five-tier memory system and makes semantic recall mandatory for all agents.** - Implements five-tier architecture for agent memory: lossless capture, signal routing, hierarchical storage, semantic recall, and disaster recovery. - Semantic recall (Layer 1.5) with Qdrant + FalkorDB is now required for all deployments, improving context retrieval at scale. - Four core utilities available: memory search, expand, update, and high-precision recall with vector and entity graph backing. - Installation process now automatically handles the setup and download of required Qdrant and FalkorDB binaries. - Flexible deployment across native binaries, Docker, cloud, and air-gapped environments. - Clear configuration and cost breakdown for self-hosted and cloud-based options.
Metadata
Slug project-trident-plugin
Version 2.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Trident Plugin?

Permanent memory for OpenClaw agents. Lossless capture, intelligent routing, semantic recall, and disaster recovery in five tiers. It is an AI Agent Skill for Claude Code / OpenClaw, with 62 downloads so far.

How do I install Trident Plugin?

Run "/install project-trident-plugin" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Trident Plugin free?

Yes, Trident Plugin is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Trident Plugin support?

Trident Plugin is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Trident Plugin?

It is built and maintained by Shiva&G (@shivaclaw); the current version is v2.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments