ClawHub
Code Pluginsource linked

Lethev0.1.8

Lethe — persistent memory layer for AI agents. OpenClaw plugin.

@mentholmike/lethe·runtime mentholmike-lethe·by @mentholmike
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:@mentholmike/lethe
Latest release: v0.1.8Download zip

Capabilities

Tags
executes-codekind:context-engine
configSchema
Yes
Executes code
Yes
HTTP routes
0
Plugin kind
context-engine
Runtime ID
mentholmike-lethe

Compatibility

Built With Open Claw Version
2026.4.14
Plugin Api Range
2026.4.14
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (persistent memory) match the code and config: the plugin registers a context engine and memory tools that POST session events, checkpoints, heartbeats, and searches to a configured Lethe endpoint. No unrelated credentials, binaries, or unexpected external services are requested by the code.
Instruction Scope
SKILL.md and the source both state the plugin intercepts session events and sends them to the configured endpoint; the code performs exactly that (including batching, auto-logging tools, heartbeats, checkpoints). This is expected for a memory layer, but it inherently transmits conversation content and derived summaries to an external service — a privacy/exfiltration risk if you don't control or trust the endpoint.
Install Mechanism
There is no install spec (lowest install risk) but the package.json/openclaw extension points to ./dist/index.js while the repository only contains TypeScript sources (src/) and no dist/ directory. That means a build step (tsc + tsc-alias) is required but not declared as an automated install step — verify how your platform will build or supply the dist artifacts before using the plugin.
Credentials
No required environment variables are declared; config supports an optional apiKey plus endpoint/agentId/projectId which are appropriate for a remote memory service. The apiKey usage is proportional. Note: the plugin will send message contents (including potential secrets) to the configured endpoint, so credential/data exposure is a real operational concern, not an incoherence.
Persistence & Privilege
always is false and model invocation is allowed (default). The plugin registers only its own context engine and tools and does not modify other skills or request system-wide privileges. No persistent system-level modifications are attempted by the code.
Assessment
This plugin appears to do what it says: it will capture and POST session events, checkpoints, and summaries to the configured Lethe server. Before installing: (1) Verify and trust the endpoint you configure — the plugin will transmit conversation contents and derived summaries (potential PII or secrets). Prefer a self-hosted or audited Lethe server for sensitive workloads. (2) Note there is no compiled dist/ bundle included; the package expects dist/index.js — confirm your platform will build the TypeScript sources (requires dev tools like typescript and tsc-alias) or provide prebuilt artifacts. (3) Use a dedicated API key for the Lethe server and avoid reusing platform-global credentials. (4) If you need to limit what is sent, request or configure filtering (redaction) on the agent/plugin side or on the server. (5) If you want higher assurance, review the Lethe server implementation (and audit network traffic) to ensure stored data handling meets your security/privacy requirements.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/openlethe/lethe
Commit
fae6dab
Tag
fae6dab
Provenance
No
Scan status
clean

Tags

latest
0.1.8