Long-term memory plugin for OpenClaw: automatic recall, storage, and agent tools
Security Analysis
high confidence
The plugin's code, docs, and requested configuration are consistent with a remote long‑term memory service that requires an API key; the main risk is privacy (automatic storage of conversation content to plugin.human-like.me) rather than incoherent or hidden behavior.
Name/description, config schema, README/SECURITY/PRIVACY, and included code all indicate a memory plugin that sends conversation content to an external memory API and exposes memory_search/memory_store tools. Requiring a plugin config API key (plugins.entries.human-like-mem.config.apiKey) is proportionate to that purpose.
SKILL.md instructs installing the plugin, setting the plugin config API key, enabling the memory slot and agent memorySearch — everything is within the scope of a memory plugin. It explicitly documents what is sent and how to disable auto-storage or platform metadata. Note: defaults enable auto-storage and auto-recall (addEnabled/recallEnabled true), which means conversation content will be sent by default; this is a behavioral/privacy choice worth highlighting.
Registry metadata claims 'No install spec — instruction-only', but the package includes executable plugin code (index.js and plugin.js) and an openclaw.plugin.json extension entry. This is likely a packaging/metadata mismatch rather than malicious behavior, but it should be clarified: the plugin contains code that will run in the host, not purely textual instructions.
No environment variables or unrelated credentials are requested; the only required secret is the plugin API key stored in OpenClaw config (plugins.entries.human-like-mem.config.apiKey). The code explicitly parses platform IDs (Feishu/Discord) but documents that such extraction is disabled by default (stripPlatformMetadata = true).
The skill is not forced-always, does not request system-wide config changes beyond its own plugin config, and does not request elevated privileges. It will run as an OpenClaw memory plugin at the documented lifecycle hooks (before_prompt_build, agent_end, session_end). Autonomous invocation is normal for plugins; nothing here elevates that privilege.
Guidance
This plugin appears to be what it claims: a remote memory backend that will send conversation text (and optional platform IDs) to https://plugin.human-like.me. Before installing:
1) Understand the privacy impact: the default configuration auto‑stores and retains memories indefinitely unless you delete them; avoid sending passwords, API keys, or sensitive PII.
2) Start with a test API key and set addEnabled: false and/or minTurnsToStore high while you evaluate.
3) Keep stripPlatformMetadata: true (default) unless you explicitly need platform IDs.
4) Because the package includes runnable code, verify the package source (Git repo or npm) and confirm the baseUrl matches the vendor; you can also inspect network traffic (mitmproxy) during testing as suggested in SECURITY.md.
5) Note the minor metadata/README inconsistencies (small doc defaults differ); ask the maintainer for the canonical source repository and changelog if you need higher assurance.
Latest Release
v1.0.1
Normalize wrapped recall queries.
Published by @humanlike2026 on ClawHub