Community code plugin. Review compatibility and verification before install.
Latest release: v0.6.14Download zip
Capabilities
Compatibility
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the code: it talks to api.deeplake.ai, implements device-code auth, creates/uses API tokens, and stores/retrieves rows from Deeplake tables. Reading/writing ~/.deeplake/credentials.json and using DEEPLAKE_* env vars is coherent for a Deeplake-backed memory plugin.
Instruction Scope
At runtime the plugin auto-captures every conversation (user + assistant) and uploads structured rows to Deeplake, and auto-recalls memories before agent turns. That behavior is explicitly implemented in the code (hooks 'agent_end' and 'before_agent_start') and means any conversation data may be transmitted to the cloud and injected into future agent prompts.
Install Mechanism
No remote arbitrary installers or downloads are used by the package itself; the code is bundled in the plugin. The plugin does make normal network calls to Deeplake APIs (expected for this purpose).
Credentials
The code reads multiple DEEPLAKE_* environment variables (e.g., DEEPLAKE_TOKEN, DEEPLAKE_ORG_ID, DEEPLAKE_API_URL, DEEPLAKE_WORKSPACE_ID, table names, DEEPLAKE_DEBUG) although the registry metadata declares no required env vars. It will create long‑lived tokens via the Deeplake API and save them to ~/.deeplake/credentials.json, which could be surprising if a user expects no persistent tokens to be stored.
Persistence & Privilege
The plugin writes to files under the user's home directory: ~/.deeplake/credentials.json and (notably) it attempts to update the global OpenClaw config at ~/.openclaw/openclaw.json to add its install path. Modifying that global agent config is a system‑level change and increases persistence/privilege beyond merely storing its own credentials.
What to consider before installing
Before installing, be aware this plugin will: (1) capture and upload all chat messages to api.deeplake.ai and make them searchable across sessions and teammates; (2) perform an OAuth device flow and may create and persist a long‑lived API token in ~/.deeplake/credentials.json; (3) modify your OpenClaw global config (~/.openclaw/openclaw.json) to add its load path. If you have privacy or compliance concerns, do not enable autoCapture/autoRecall; consider running in a sandbox or with a dedicated Deeplake account/organization; inspect ~/.deeplake and ~/.openclaw before and after install; verify token scopes on the Deeplake side; and review the included source (dist/index.js / src) yourself or with a security engineer. If you want tighter control, ask the maintainer for an option that disables automatic upload or requires explicit consent per conversation.dist/index.js:21
Environment variable access combined with network send.
dist/index.js:2
File read combined with network send (possible exfiltration).
src/index.ts:2
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.