Gralkor Memory (OpenClaw)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The plugin's code, instructions, and requirements align with a memory plugin that spawns a bundled Python memory server and forwards conversation data to it — nothing in the package appears to be doing unrelated or covert work, but it depends on a bundled server in a separate package and requires LLM API keys, so you should review that server before enabling.
What to consider before installing:
- This plugin spawns a Python memory server (bundled in @susu-eng/gralkor-ts) that will receive conversation content and your workspace memory files. That server will in turn call external LLM/embedding providers using API keys you provide. Review the gralkor-ts adapter and the Gralkor Python server source (linked from SKILL.md) before enabling.
- The plugin requires a writable dataDir where it creates a venv and FalkorDB; choose a dedicated directory with appropriate permissions and backups.
- Provide LLM/embedding API keys with least privilege (use a dedicated key/account for this service if possible), and be aware that conversation content and indexed files may be sent to those provider endpoints.
- The README asks you to install with --dangerously-force-unsafe-install because the install-time scanner flags the bundled server. That flag bypasses install-time protections; only use it after you have inspected the server source and are comfortable with running it.
- If you cannot audit the gralkor-ts and Gralkor server code, consider running this plugin in an isolated environment (container or VM) or using an alternative memory provider you trust.
I have medium confidence in this assessment because the plugin's own code is consistent with its description, but important runtime behavior (the Python server) resides in a separate bundled dependency that you should review before enabling.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.
