ofan

Memex Publish

Author: ofan · GitHub · v0.5.12 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 418
Favorites: 0
Current installs: 0
Versions: 14
Install in OpenClaw
/install memex
Description
Unified memory plugin for OpenClaw — conversation memory + document search in a single SQLite database. 90% E2E accuracy on LongMemEval (ICLR 2025) with GPT-...
Security usage advice
This plugin implements a full local memory + document-search system but several things don't add up and you should review them before installing:
- Missing registry declarations: The registry metadata claims no required env vars, but the plugin requires an embedding API key (embedding.apiKey) and may use optional reranker/generation API keys. Treat the embedding API key as sensitive.
- Data flow: The plugin will read local markdown/workspace files and conversation turns, chunk them, and send text to whatever embedding endpoint you configure (OpenAI-compatible or other). If you use a remote embedding provider, that provider will receive the content you index — do not use a shared/production API key if you have sensitive documents.
- AutoCapture (prompt injection): By default the plugin enables 'autoCapture', which injects a system prompt that encourages the LLM to call memory_store and persist facts. This can cause automatic storage of sensitive information. Consider disabling autoCapture (openclaw config set plugins.entries.memex.config.autoCapture false) until you review the code and configuration.
- Telemetry: The bundle depends on @ofan/telemetry-relay-sdk and calls initTelemetry; inspect src/telemetry.ts to verify what is sent and where. If you do not trust the telemetry endpoint, disable or remove telemetry calls.
- Source provenance: The skill's 'Source' is unknown and homepage is none. The package.json points to a GitHub repo but the registry metadata and version numbers differ (openclaw.plugin.json lists 0.5.11, package.json 0.5.12). Prefer plugins from known/trusted origins and verify the upstream repository and releases.
- Quick mitigations before installing: set documents.enabled=false, autoCapture=false, autoRecall=false; configure embedding baseURL to a trusted local endpoint or use ephemeral API keys; review src/telemetry.ts and remove/disable telemetry; run the plugin in a sandboxed environment first.
Functional analysis
Type: OpenClaw Skill
Name: memex
Version: 0.5.12
The plugin exhibits several high-risk behaviors that, while potentially functional, align with techniques used for stealth and data collection. Most notably, src/telemetry.ts uses base64 obfuscation for its reporting URL and API token, with a code comment explicitly stating this is done to 'avoid false-positive VirusTotal flags'—a common tactic for evading automated security analysis. Additionally, the 'audit_logs' feature in index.ts and src/health.ts reads local system logs from /tmp/openclaw and transmits them to external LLM providers, posing a significant risk of credential or sensitive data exfiltration. Finally, src/embedder.ts implements a custom HTTP client using raw TCP sockets (node:net) to bypass standard fetch behavior, which is unusual for a high-level plugin and increases the potential for network-based exploitation.
Capability tags
crypto, requires-wallet
Capability assessment
Purpose & Capability
The code and SKILL.md align with a 'memory' plugin: SQLite-backed memories + document indexing + embedding calls. However the registry metadata claims no required env vars/credentials while both openclaw.plugin.json and the SKILL.md clearly require an embedding API key (embedding.apiKey). The plugin imports a telemetry SDK and a reranker/generation config which are plausible for the stated purpose but increase scope.
Instruction Scope
SKILL.md instructs enabling autoRecall (inject memories before each turn) and autoCapture (injects a system prompt nudging the LLM to call memory_store). AutoCapture is explicit prompt-injection behavior that will cause the LLM to store facts it deems relevant (possible sensitive data). The plugin also auto-discovers and indexes workspace markdown files and provides CLI commands to re-index and re-embed files — legitimate for document search but means the plugin will read many local files and could send their contents to the configured embedding endpoint.
Install Mechanism
There is no registry install spec, but the SKILL.md gives manual install instructions (clawhub install / npm install). The bundle includes full source (TypeScript) and package.json, which is consistent with a plugin loaded via jiti (no build). No external arbitrary downloads were detected. The mismatch between 'no install spec' and presence of full source is an administrative inconsistency but not itself high risk.
Credentials
Registry metadata lists no required env vars or primary credential, but the plugin requires an embedding.apiKey (documented and enforced by openclaw.plugin.json/config usage) and allows optional reranker/generation API keys. The plugin also imports a telemetry SDK (@ofan/telemetry-relay-sdk) and calls initTelemetry in index.ts; telemetry may send usage or diagnostic data externally. The registry should have declared these required/optional credentials; their absence is an incoherence and a potential exfiltration risk if users supply keys unknowingly.
Persistence & Privilege
always:false (default) and normal autonomous invocation are used. The plugin modifies/reads only its own config paths and data files (SQLite DB, ~/.config/qmd for collections). It does not request blanket 'always' privilege or claim to change other plugins. Note: because it can auto-capture and index workspace files and call external embedding endpoints, its effective data-access footprint is broad — this is expected for a memory plugin but worth explicit consent.
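How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install memex
  3. After installation, call the Skill by name or use /memex to trigger it
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history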
v0.5.12
memex v0.5.12
- Added health check endpoint and supporting code for monitoring plugin status.
- Introduced a new flush plan feature for managing memory/index state.
- Added recall-query functionality for improved memory retrieval handling.
- Updated documentation to clarify retrieval accuracy (now “Memory E2E Accuracy”) and enhance clarity.
- Made internal improvements to memory, retrieval, and telemetry modules.
v0.5.11
- Overhauled installation and configuration instructions for clarity and accuracy.
- Added detailed config options and usage examples for auto-recall, auto-capture, per-agent memory scopes, document search, and reranker features.
- Simplified and streamlined the feature description.
- Default settings and configuration parameters are now fully documented.
v0.5.10
- Removed legacy documentation and plans from the docs/ directory for a slimmer codebase.
- Deleted unused test files and package-lock.json.
- No changes to user-facing functionality.
v0.5.9
- Dependency updates in package.json and package-lock.json.
- Internal code and metadata maintenance; no user-facing feature changes.
- Documentation and metadata unchanged.
v0.5.8
- Major documentation expansion: added extensive docs and planning materials, including benchmarks, comparisons, pipeline, requirements, research, resiliency, and technical plans.
- Introduced new test files and infrastructure for benchmarking, chunking, adaptive retrieval, and auto-capture.
- Updated configuration and package metadata.
- Improved groundwork for feature development and quality evaluation.
v0.5.7
Fix openclaw 2026.3.22 SDK breaking change (plugin-sdk → plugin-sdk/core). Add autoCapture/autoCaptureAgents config.
v0.5.6
Rename memoryInstructions to autoCapture. Add autoCaptureAgents whitelist. Validation warnings for empty/unknown agent lists.
v0.5.5
Remove heuristic auto-capture (~130 lines). Add autoRecallLimit config (default 3). R@5=96%.
v0.5.4
- Usage telemetry via telemetry-relay SDK (plugin_registered, recall, store, forget, error)
- autoRecallAgents whitelist — limit recall to specific agents
- autoRecallLimit config (default 3, R@3=90%, R@5=96%)
- Startup warnings for suboptimal recall config
- Reranker recommended when autoRecallLimit=1
- Fix: _registered guard was blocking hook registration
v0.5.3
Fix recall hook registration, Secrets Store for shared CF Access creds, machineId for OpenPanel profiling.
v0.5.2
Telemetry with machineId for OpenPanel profiling, Secrets Store for CF Access.
v0.5.1
Config cleanup, official LongMemEval eval (E2E 90% GPT-4o), vectors_vec bug fix, sessionMemory removed.
v0.5.0
Version alignment. Same as v1.0.0.
v1.0.0
Initial release. R@1=78%, R@3=90%, E2E=88% on LongMemEval.
Metadata
Slug: memex
Version: 0.5.12
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 14
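FAQ

What is Memex Publish?

Unified memory plugin for OpenClaw — conversation memory + document search in a single SQLite database. 90% E2E accuracy on LongMemEval (ICLR 2025) with GPT-... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 418 total downloads to date.

How do I install Memex Publish?

Run the command "/install memex" in the OpenClaw or Claude Code chat box for a one-click install, with no additional configuration required.

Is Memex Publish free?

Yes, Memex Publish is completely free. It uses the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Memex Publish support?

Memex Publish runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Memex Publish?

Developed and maintained by ofan (@ofan); the current version is v0.5.12.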