← 返回 Skills 市场
xray2016

Openclaw Mem0

作者 xRay2016 · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
1964
总下载
4
收藏
7
当前安装
3
版本数
在 OpenClaw 中安装
/install openclaw-mem0
功能描述
Adds intelligent long-term memory to agents for auto-capturing, recalling, and managing user facts and preferences across sessions.
安全使用建议
This plugin implements Mem0 memory features and will send stored conversation data to whatever Mem0 host you configure. Before installing: 1) Confirm you intend to provide a Mem0 API key (platform mode) or run a trusted self-hosted Mem0 instance (open-source mode). The registry metadata not listing required env vars is inconsistent—treat the plugin as requiring a Mem0 key. 2) If you care about privacy, prefer self-hosted OSS mode or verify the mem0.ai service and the plugin package on npm/GitHub. 3) Disable Auto‑Capture or set strict customInstructions to avoid storing secrets (passwords, SSNs, API keys); test behavior in a sandboxed agent first. 4) Review the package.json/package-lock or the upstream repository to ensure dependencies are legitimate. 5) Because the plugin injects memories into the system prompt, only enable it for agents you trust. If you want higher assurance, ask the author for a canonical repository/linked release and an explanation for why required env vars are omitted from the registry metadata.
功能分析
Type: OpenClaw Skill Name: openclaw-mem0 Version: 1.0.2 The plugin is designed to integrate Mem0 for long-term memory, which is a legitimate function. However, it is classified as 'suspicious' due to several risky capabilities. The plugin allows configuration of an arbitrary `host` for the Mem0 API and retrieves the `apiKey` (potentially from `process.env`), meaning a compromised configuration could redirect sensitive data (API key, user memories) to an attacker-controlled server. Furthermore, the `lib/mem0.ts` client exposes powerful Mem0 API features like `createWebhook` and `createMemoryExport` via agent tools. While these are legitimate API features, they could be abused through prompt injection against the AI agent to exfiltrate data or establish unauthorized communication channels. The `oss.historyDbPath` in `index.ts` also uses `api.resolvePath`, which could be a local file system vulnerability if the OpenClaw platform's path resolution is not adequately sandboxed.
能力评估
Purpose & Capability
The code and SKILL.md implement a Mem0 memory plugin (platform and OSS modes) which matches the implied purpose. However the registry metadata declares no required environment variables or primary credential while the README/SKILL.md and plugin UI expect a Mem0 API key (MEM0_API_KEY) and host configuration. The package contains mem0ai and other dependencies in package.json/package-lock, but the skill metadata did not declare these needs. Missing top-level description/homepage in the registry is also a minor red flag.
Instruction Scope
SKILL.md instructs the agent to Auto‑Recall (search memories and inject results into the system prompt before each agent turn) and Auto‑Capture (analyze each turn and store key facts after each turn). Those behaviors are expected for a memory plugin but effectively allow automatic modification of system prompts and automatic exfiltration of conversational content to the configured memory backend. The SKILL.md does not instruct reading unrelated local files or other credentials, but the pre-scan flagged 'system-prompt-override' is expected here because the plugin intentionally injects memory into the system prompt.
Install Mechanism
No explicit install spec was provided in the registry (instruction-only), which is lower risk, but the bundle includes source files, package.json, and a package-lock with many dependencies (mem0ai, openclaw, etc.). If you install via the OpenClaw CLI/npm, these dependencies will be fetched from npm. The presence of substantial dependencies is plausible but should be audited (package-lock is large and pulls many transitive libs).
Credentials
The skill metadata lists no required env vars or primary credential, yet SKILL.md and plugin UI examples expect a Mem0 API key (and optionally MEM0_HOST) for platform mode. That mismatch is an inconsistency: the plugin will need credentials to send user memory to the Mem0 backend but the registry did not declare this. Requesting a single API key for the memory backend is proportional to the feature, but the missing declaration and no clear guidance about protecting sensitive info are concerning.
Persistence & Privilege
The plugin is not marked 'always: true' (good). It allows autonomous invocation (default) which is normal for plugins. However Auto‑Recall/Auto‑Capture grant it broad ability to read and inject context and to transmit conversation content to the configured backend — a powerful capability that can leak sensitive data if misconfigured or if the backend is untrusted. The plugin provides controls (customInstructions, toggles) but those rely on operator configuration.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-mem0
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-mem0 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- No changes detected in files for version 1.0.2. - Documentation and functionality remain unchanged from the previous version.
v1.0.1
- Removed integration and unit test files. - No user-facing or documentation changes.
v1.0.0
Changelog for openclaw-mem0 v1.0.0: - Initial release of the OpenClaw Mem0 Plugin. - Adds intelligent long-term memory for agents, enabling them to remember user preferences, facts, and past conversations automatically. - Supports both platform (cloud via mem0.ai API) and open-source (self-hosted Chroma) modes. - Implements auto-recall (fetch relevant context) and auto-capture (store key facts) features. - Provides manual tools for storing, searching, listing, and forgetting memories. - Includes setup instructions and examples in SKILL.md.
元数据
Slug openclaw-mem0
版本 1.0.2
许可证
累计安装 7
当前安装数 7
历史版本数 3
常见问题

Openclaw Mem0 是什么?

Adds intelligent long-term memory to agents for auto-capturing, recalling, and managing user facts and preferences across sessions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1964 次。

如何安装 Openclaw Mem0?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-mem0」即可一键安装,无需额外配置。

Openclaw Mem0 是免费的吗?

是的,Openclaw Mem0 完全免费(开源免费),可自由下载、安装和使用。

Openclaw Mem0 支持哪些平台?

Openclaw Mem0 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Openclaw Mem0?

由 xRay2016(@xray2016)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论