ClawHub
Code Pluginsource linked

OpenViking Memory Pluginv2026.4.9

OpenClaw OpenViking-backed long-term memory plugin (install to ~/.openclaw/extensions)

@openclaw/openviking·runtime openviking·by @linqiang391
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:@openclaw/openviking
Latest release: v2026.4.9Download zip

Capabilities

Tags
executes-codekind:context-engine
configSchema
Yes
Executes code
Yes
HTTP routes
0
Plugin kind
context-engine
Runtime ID
openviking

Compatibility

Built With Open Claw Version
2026.3.7
Min Gateway Version
2026.3.7
Plugin Api Range
>=2026.3.7
Plugin Sdk Version
2026.3.7
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md implement a long-term memory integration with OpenViking and include client, context-engine, and runtime-manager pieces that match the described purpose. However the registry metadata says 'instruction-only' / no install spec while the package contains large install/setup scripts (install.sh, setup-helper/install.js) and runtime management that will start a local OpenViking process — an operational capability not captured in the registry install metadata.
Instruction Scope
SKILL.md and bundled tools explicitly instruct the plugin to read local OpenClaw/OpenViking config files (openclaw.json, ~/.openviking/ov.conf), call local Gateway and OpenViking HTTP endpoints, and optionally execute a healthcheck that posts synthetic conversations to the Gateway. Those actions are consistent with validating/operating the integration, but they require reading potentially sensitive local configuration (including bearer tokens) and communicating with internal HTTP endpoints.
!
Install Mechanism
No install spec is declared in the registry entry, yet the repo includes sizable install artifacts (install.sh, setup-helper/dist/install.js, setup-helper/install.js) that appear intended to be executed and may write files under ~/.openviking and other user dirs or spawn processes. The absence of an explicit, reviewed install step in the registry while shipping executable install scripts is an inconsistency and increases risk if an agent or user runs them without manual inspection.
Credentials
The package does not declare required environment variables, but the code optionally reads OPENVIKING_API_KEY, OPENVIKING_BASE_URL/OPENVIKING_URL, OPENCLAW_STATE_DIR and supports env placeholder expansion in config files. This is proportionate for a memory backend, but the plugin also auto-discovers and reads openclaw.json to obtain Gateway bearer tokens for the healthcheck — a behavior you should expect and verify before allowing the plugin to run.
Persistence & Privilege
The skill is not marked always:true, and does not request elevated system-wide privileges in metadata. However the runtime-manager code will start and monitor a local OpenViking subprocess (local mode), which gives the plugin the ability to run child processes and write files under user directories (e.g., ~/.openviking). That is expected for a local runtime but is a privilege users should be aware of.
What to consider before installing
This package appears to be a legitimate OpenViking memory integration, but review these points before installing: (1) Inspect install.sh and setup-helper/install.js — they are large scripts that may write to ~/.openviking and spawn local servers; do not run them unreviewed. (2) The healthcheck and client code auto-read openclaw.json and ~/.openviking/ov.conf to find tokens/URLs; if those files contain bearer/API tokens, the plugin may use them to call local Gateway/OpenViking endpoints. Confirm you trust the code and consider rotating tokens after testing. (3) Prefer installing/running in an isolated/test environment (container or VM) first, and review package-lock.json and setup scripts for external downloads. (4) If you want to proceed, run the healthcheck in a controlled environment to observe what endpoints and credentials it uses. If you are unsure, request or inspect the specific install steps the integration will take and verify them manually.
index.ts:1134
Shell command execution detected (child_process).
process-manager.ts:247
Shell command execution detected (child_process).
setup-helper/dist/install.js:211
Shell command execution detected (child_process).
setup-helper/install.js:401
Shell command execution detected (child_process).
setup-helper/src/lib/process.ts:10
Shell command execution detected (child_process).
process-manager.ts:299
Environment variable access combined with network send.
setup-helper/dist/install.js:889
Environment variable access combined with network send.
setup-helper/install.js:34
Environment variable access combined with network send.
!
openclaw.plugin.json:22
Install source points to URL shortener or raw IP.
!
process-manager.ts:2
File read combined with network send (possible exfiltration).
!
setup-helper/dist/install.js:883
File read combined with network send (possible exfiltration).
!
setup-helper/install.js:26
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/LinQiang391/OpenViking
Commit
cd978a2
Tag
clawhub
Provenance
No
Scan status
pending

Tags

latest
2026.4.9

OpenClaw + OpenViking Context-Engine Plugin

Use OpenViking as the long-term memory backend for OpenClaw. In OpenClaw, this plugin is registered as the openviking context engine.

This document is not an installation guide. It is an implementation-focused design note for integrators and engineers. It describes how the plugin works today based on the code under examples/openclaw-plugin, not a future refactor target.

Documentation

Design Positioning

  • OpenClaw still owns the agent runtime, prompt orchestration, and tool execution.
  • OpenViking owns long-term memory retrieval, session archiving, archive summaries, and memory extraction.
  • examples/openclaw-plugin is not a narrow “memory lookup” plugin. It is an integration layer that spans the OpenClaw lifecycle.

In the current implementation, the plugin plays four roles at once:

  • context-engine: implements assemble, afterTurn, and compact
  • hook layer: handles before_prompt_build, session_start, session_end, agent_end, and before_reset
  • tool provider: registers memory_recall, memory_store, memory_forget, and ov_archive_expand
  • runtime manager: starts and monitors an OpenViking subprocess in local mode

Overall Architecture

Overall OpenClaw and OpenViking plugin architecture

The diagram above reflects the current implementation boundary:

  • OpenClaw remains the primary runtime on the left. The plugin does not take over agent execution.
  • The middle layer combines hooks, the context engine, tools, and runtime management in one plugin registration.
  • All HTTP traffic goes through OpenVikingClient, which centralizes X-OpenViking-* headers and routing logs.
  • The OpenViking service owns sessions, memories, archives, and Phase 2 extraction, with storage under viking://user/*, viking://agent/*, and viking://session/*.

That split lets OpenClaw stay focused on reasoning and orchestration while OpenViking becomes the source of truth for long-lived context.

Identity and Routing

The plugin does not send one fixed agent ID to OpenViking. It tries to keep OpenClaw session identity and OpenViking routing aligned.

The main rules are:

  • reuse sessionId directly when it is already a UUID
  • prefer sessionKey when deriving a stable ovSessionId
  • normalize unsafe path characters, or fall back to a stable SHA-256 when needed
  • resolve X-OpenViking-Agent per session, not per process
  • when plugins.entries.openviking.config.agentId is not default, prefix the session agent as <configAgentId>_<sessionAgent>
  • add X-OpenViking-Account, X-OpenViking-User, and X-OpenViking-Agent in the client layer

This matters because the plugin is built to support multi-agent and multi-session OpenClaw usage without mixing memories across sessions.

Prompt-Front Recall Flow

Automatic recall flow before prompt build

Today the main recall path still lives in before_prompt_build:

  1. Extract the latest user text from messages or prompt.
  2. Resolve the agent routing for the current sessionId/sessionKey.
  3. Run a quick availability precheck so prompt building does not stall when OpenViking is unavailable.
  4. Query both viking://user/memories and viking://agent/memories in parallel.
  5. Deduplicate, threshold-filter, rerank, and trim the results under a token budget.
  6. Prepend the selected memories as a <relevant-memories> block.

The reranking logic is not pure vector-score sorting. The current implementation also considers:

  • whether a result is a leaf memory with level == 2
  • whether it looks like a preference memory
  • whether it looks like an event memory
  • lexical overlap with the current query

Transcript ingest assist

This path also includes a special transcript-oriented branch.

When the latest user input looks like pasted multi-speaker transcript content:

  • metadata blocks, command text, and pure question text are filtered out
  • the cleaned text is checked against speaker-turn and length thresholds
  • if it matches, the plugin prepends a lightweight <ingest-reply-assist> instruction

The goal is not to change memory logic. It is to reduce the chance that the model responds with NO_REPLY when the user pastes chat history, meeting notes, or conversation transcripts for ingestion.

Session Lifecycle

Session lifecycle and compaction boundary

Session handling is the main axis of this design. In the current implementation it covers history assembly, incremental append, asynchronous commit, and blocking compaction readback.

What assemble() does

assemble() is not just replaying old chat history. It reads session context back from OpenViking under a token budget, then rebuilds OpenClaw-facing messages:

  • latest_archive_overview becomes [Session History Summary]
  • pre_archive_abstracts becomes [Archive Index]
  • active session messages stay in message-block form
  • assistant tool parts become toolUse
  • tool output becomes separate toolResult
  • the final message list goes through a tool-use/result pairing repair pass

That means OpenClaw sees “compressed history summary + archive index + active messages”, not an ever-growing raw transcript.

What afterTurn() does

afterTurn() has a narrower job: append only the new turn into the OpenViking session.

  • it slices only the newly added messages
  • it keeps only user / assistant capture text
  • it preserves toolUse / toolResult content in the serialized turn text
  • it strips injected <relevant-memories> blocks and metadata noise before capture
  • it appends the sanitized turn text into the OpenViking session

After that, the plugin checks pending_tokens. Once the session crosses commitTokenThreshold, it triggers commit(wait=false):

  • archive generation and Phase 2 memory extraction continue asynchronously on the server
  • the current turn is not blocked waiting for extraction
  • if logFindRequests is enabled, the logs include the task id and follow-up extraction detail

What compact() does

compact() is the stricter synchronous boundary:

  • it calls commit(wait=true) and blocks for completion
  • when an archive exists, it re-reads latest_archive_overview
  • it returns updated token estimates, the latest archive id, and summary content
  • if the summary is too coarse, the model can call ov_archive_expand to reopen a specific archive

So afterTurn() is closer to “incremental append plus threshold-triggered async commit”, while compact() is the explicit “wait for archive and compaction to finish” boundary.

Tools and Expandability

Beyond automatic behavior, the plugin exposes four tools directly:

  • memory_recall: explicit long-term memory search
  • memory_store: write text into an OpenViking session and trigger commit
  • memory_forget: delete by URI, or search first and remove a single strong match
  • ov_archive_expand: expand a concrete archive back into raw messages

They serve different roles:

  • automatic recall covers the default case where the model does not know what to search yet
  • memory_recall gives the model an explicit follow-up search path
  • memory_store is for immediately persisting clearly important information
  • ov_archive_expand is the “go back to archive detail” escape hatch when summaries are not enough

ov_archive_expand is especially important because assemble() normally returns archive summaries and indexes, not the full raw transcript.

Local / Remote Runtime Modes

Runtime modes and routing behavior

The current implementation supports two runtime modes. The upper-layer session, memory, and archive model stays the same in both.

Local mode

In local mode, the plugin manages the OpenViking subprocess itself:

  • resolve Python from OPENVIKING_PYTHON, env files, or system defaults
  • prepare the port before startup
  • kill stale OpenViking processes on the target port
  • move to the next free port if another process owns the configured one
  • wait for /health before marking the service ready
  • cache the local client so multiple plugin registrations do not spawn duplicates

That is why this plugin is not only “memory logic”. It is also a local runtime manager.

Remote mode

In remote mode, the plugin behaves as a pure HTTP client:

  • no local subprocess is started
  • baseUrl and optional apiKey come from plugin config
  • session context, memory find/read, commit, and archive expansion behavior stays the same

The main difference between local and remote is who is responsible for bringing up the OpenViking service, not the higher-level context model.

Relationship to the Older Design Draft

The repo also contains a more future-looking design draft at docs/design/openclaw-context-engine-refactor.md. It is important not to conflate the two:

  • this README describes current implemented behavior
  • the older draft discusses a stronger future move into context-engine-owned lifecycle control
  • in the current version, the main automatic recall path still lives in before_prompt_build, not fully in assemble()
  • in the current version, afterTurn() already appends to the OpenViking session, but commit remains threshold-triggered and asynchronous on that path
  • in the current version, compact() already uses commit(wait=true), but it is still focused on synchronous commit plus readback rather than owning every orchestration concern

That distinction matters, otherwise the future design draft is easy to misread as already shipped behavior.

Operator and Debugging Surfaces

If you need to debug this plugin, start with these entry points.

Inspect the current setup

ov-install --current-version
openclaw config get plugins.entries.openviking.config
openclaw config get plugins.slots.contextEngine

Watch logs

OpenClaw plugin logs:

openclaw logs --follow

OpenViking service logs:

cat ~/.openviking/data/log/openviking.log

Web Console

python -m openviking.console.bootstrap --host 0.0.0.0 --port 8020 --openviking-url http://127.0.0.1:1933

ov tui

ov tui

Common things to check

SymptomMore likely causeFirst check
plugins.slots.contextEngine is not openvikingThe plugin slot was never set, or another plugin replaced itopenclaw config get plugins.slots.contextEngine
local mode fails to startPython path, env file, or ov.conf is wrongsource ~/.openclaw/openviking.env && openclaw gateway restart
recall behaves inconsistently across sessionsRouting identity is not what you expectedEnable logFindRequests, then inspect openclaw logs --follow
long chats stop extracting memorypending_tokens never crosses the threshold, or Phase 2 fails server-sideCheck plugin config and ~/.openviking/data/log/openviking.log
summaries are too coarse for detailed questionsYou need archive-level detail, not just summaryUse an ID from [Archive Index] with ov_archive_expand

For installation, upgrade, and uninstall operations, use INSTALL.md.