release(openclaw): v0.7.3 — plugin trust detection, tools.allow guidance

Status tool now checks plugins.allow from OpenClaw config:
- Warns when allowlist exists but plugin is not included (blocked)
- Tips when no allowlist is set (loads via entries.enabled, trust implicit)
- Existing memory slot check unchanged (warns when pointing to memory-core)

Simplified tool availability guidance across all docs:
- Plugin tools register automatically when the plugin loads
- No tools.allow or tools.alsoAllow config needed
- Only config required: plugins.allow with the plugin ID
- Listing nowledge_mem_* in tools.allow is a misconfiguration (silently stripped)

Updated: README, SKILL.md, CLAUDE.md, CHANGELOG, website docs (EN + ZH)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: wey-gu

nowledge-mem-openclaw-plugin/CHANGELOG.md

@@ -2,12 +2,18 @@
 
 All notable changes to the Nowledge Mem OpenClaw plugin will be documented in this file.
 
+## [0.7.3] - 2026-03-30
+
+### Added
+
+- **Status tool now checks plugin trust and memory slot.** `nowledge_mem_status` reads `plugins.allow` from the OpenClaw config: warns when the allowlist exists but the plugin is missing (loading will be blocked); shows a tip when no allowlist is set (plugin loads via `entries.enabled`, but trust is implicit). Also warns when the memory slot points to `memory-core` instead of `openclaw-nowledge-mem` — a common misconfiguration after upgrading to OpenClaw 3.22+. Both checks include the exact fix command.
+- **Clarified that no `tools.*` config is needed.** All plugin tools register automatically when the plugin loads. Listing `nowledge_mem_*` names in `tools.allow` is a misconfiguration — OpenClaw silently strips allowlists that contain only plugin entries. The only config users need is `plugins.allow: ["openclaw-nowledge-mem"]`. Updated troubleshooting in README, SKILL.md, and website docs (EN + ZH).
+
 ## [0.7.2] - 2026-03-30
 
 ### Added
 
 - **Status tool now reports memory slot configuration.** `nowledge_mem_status` checks whether the OpenClaw memory slot points to `openclaw-nowledge-mem`. If another plugin (e.g. the built-in `memory-core`) holds the slot, the tool shows a warning with the fix command. This catches a common misconfiguration after upgrading to OpenClaw 3.22+, where the implicit slot default changed to `memory-core`.
-- **Documented HTTP gateway limitation.** Plugin tools (save, connections, timeline, etc.) are not accessible via the OpenClaw HTTP gateway API (`/tools/invoke`) due to the gateway's `stripPluginOnlyAllowlist` policy. The built-in `memory_search` and `memory_get` are core gateway tools and always work via HTTP. Added troubleshooting guidance across README, SKILL.md, and website docs (EN + ZH).
 
 ### Fixed
 

nowledge-mem-openclaw-plugin/CLAUDE.md

@@ -118,7 +118,7 @@ When `contextEngine` points elsewhere (or is absent), hooks handle everything. N
 - `nowledge_mem_thread_fetch` - fetch messages from a specific thread. Start with a small page, then use `offset` + `limit` for progressive retrieval only when more context is needed.
 
 ### Diagnostics
-- `nowledge_mem_status` - show memory slot status, effective config (mode, apiUrl, apiKey set, sessionContext, sessionDigest, etc.), backend connectivity, and version. Warns if the memory slot points to `memory-core` instead of `openclaw-nowledge-mem` (common after OpenClaw 3.22+ upgrade). No parameters.
+- `nowledge_mem_status` - show plugin trust status, memory slot status, effective config (mode, apiUrl, apiKey set, sessionContext, sessionDigest, etc.), backend connectivity, and version. Checks `plugins.allow`: warns if set but plugin not included (loading blocked); shows tip if not set (plugin loads via `entries.enabled` but trust is implicit). Warns if the memory slot points to `memory-core` instead of `openclaw-nowledge-mem` (common after OpenClaw 3.22+ upgrade). No parameters.
 
 ## Skill Surface
 

nowledge-mem-openclaw-plugin/README.md

@@ -455,11 +455,21 @@ Or set the slot manually in `~/.openclaw/openclaw.json`:
 
 Restart OpenClaw after either change.
 
-**Plugin tools return 404 via OpenClaw HTTP API (`/tools/invoke`)**
+**Plugin tools not available**
 
-The `nowledge_mem_*` tools work in normal agent conversations but return 404 when called through OpenClaw's HTTP gateway API. This is an OpenClaw gateway limitation: the tool policy pipeline (`stripPluginOnlyAllowlist`) filters out plugin-registered tool names from `tools.allow`, so there is currently no configuration path to expose them via HTTP.
+All 10 plugin tools register automatically when the plugin loads. No tool-level config is needed — just make sure the plugin itself is trusted:
 
-The built-in `memory_search` and `memory_get` are core gateway tools and always work via HTTP. For the full tool surface, use an agent conversation instead of the HTTP API.
+```json
+{
+  "plugins": {
+    "allow": ["openclaw-nowledge-mem"]
+  }
+}
+```
+
+If `openclaw status` shows a CRITICAL warning about `plugins.allow`, this is the fix. Run `nowledge_mem_status` inside a conversation to check both plugin trust and memory slot status.
+
+Do not list `nowledge_mem_*` tool names in `tools.allow` — OpenClaw silently strips allowlists that contain only plugin entries, so the config looks active but does nothing.
 
 **Search timeouts with many concurrent agents**
 

nowledge-mem-openclaw-plugin/SKILL.md

@@ -249,7 +249,7 @@ What to expect:
 | `plugins.allow is empty` warning | Add `openclaw-nowledge-mem` to `plugins.allow` if the user wants explicit trust |
 | Remote config seems ignored | Check whether `~/.nowledge-mem/openclaw.json` is overriding plugin settings |
 | Local mode unexpectedly talks to a remote server | Check for stale `NMEM_API_URL` / `NMEM_API_KEY` in the environment or an overriding `~/.nowledge-mem/openclaw.json` |
-| Plugin tools return 404 via HTTP API (`/tools/invoke`) | This is an OpenClaw gateway limitation — the tool policy pipeline strips plugin tool names from `tools.allow`. The built-in `memory_search` and `memory_get` work via HTTP (core gateway tools). For the full tool surface, use an agent conversation instead of the HTTP API. |
+| Plugin tools missing | Ensure the plugin is in `plugins.allow: ["openclaw-nowledge-mem"]`. Do **not** put `nowledge_mem_*` tool names in `tools.allow` — OpenClaw silently strips plugin-only allowlists. No `tools.*` config is needed; plugin tools load automatically when the plugin is allowed. |
 
 ## Notes for Agents
 

nowledge-mem-openclaw-plugin/openclaw.plugin.json

@@ -1,6 +1,6 @@
 {
 	"id": "openclaw-nowledge-mem",
-	"version": "0.7.2",
+	"version": "0.7.3",
 	"kind": "memory",
 	"skills": ["skills/memory-guide"],
 	"uiHints": {

nowledge-mem-openclaw-plugin/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@nowledge/openclaw-nowledge-mem",
-	"version": "0.7.2",
+	"version": "0.7.3",
 	"type": "module",
 	"description": "Nowledge Mem memory plugin for OpenClaw, local-first personal knowledge base",
 	"author": {

nowledge-mem-openclaw-plugin/src/index.js

@@ -54,10 +54,14 @@ export default {
 		api.registerTool(createThreadSearchTool(client, logger));
 		api.registerTool(createThreadFetchTool(client, logger));
 
-		// Diagnostics — pass the resolved memory slot so the status tool
-		// can warn when the slot points elsewhere (e.g. memory-core).
+		// Diagnostics — pass runtime config so the status tool can detect:
+		//   - plugins.allow missing or not including this plugin
+		//   - memory slot pointing elsewhere (e.g. memory-core)
 		const memorySlot = api.config?.plugins?.slots?.memory;
-		api.registerTool(createStatusTool(client, logger, cfg, { memorySlot }));
+		const pluginsAllow = api.config?.plugins?.allow;
+		api.registerTool(
+			createStatusTool(client, logger, cfg, { memorySlot, pluginsAllow }),
+		);
 
 		// --- Context Engine registration ---
 		// When the user sets `plugins.slots.contextEngine: "nowledge-mem"`,

nowledge-mem-openclaw-plugin/src/tools/status.js

@@ -23,7 +23,43 @@ export function createStatusTool(client, _logger, cfg, runtimeInfo = {}) {
 			const details = {};
 			const sources = cfg._sources || {};
 
-			// 0. Memory slot check — detect misconfiguration early
+			// 0a. Plugin trust check — detect missing plugins.allow
+			const pluginsAllow = runtimeInfo.pluginsAllow;
+			const pluginId = "openclaw-nowledge-mem";
+			details.pluginsAllow = !Array.isArray(pluginsAllow)
+				? "(not set)"
+				: pluginsAllow.includes(pluginId)
+					? "listed"
+					: "set but plugin not included";
+
+			if (
+				Array.isArray(pluginsAllow) &&
+				pluginsAllow.length > 0 &&
+				!pluginsAllow.includes(pluginId)
+			) {
+				lines.push(
+					`⚠ plugins.allow is set but does not include "${pluginId}".`,
+				);
+				lines.push(
+					"  The plugin will be BLOCKED from loading unless it holds the memory slot or is explicitly enabled.",
+				);
+				lines.push(
+					`  Fix: add "${pluginId}" to plugins.allow in your OpenClaw config.`,
+				);
+				lines.push("");
+			} else if (!Array.isArray(pluginsAllow) || pluginsAllow.length === 0) {
+				lines.push(
+					"Plugin trust: plugins.allow not set (plugin loads via entries.enabled)",
+				);
+				lines.push(
+					`  Tip: set plugins.allow to ["${pluginId}"] to pin trust explicitly.`,
+				);
+				lines.push("");
+			} else {
+				lines.push(`Plugin trust: ${pluginId} (allowlisted)`);
+			}
+
+			// 0b. Memory slot check — detect misconfiguration early
 			const memorySlot = runtimeInfo.memorySlot;
 			details.memorySlot = memorySlot ?? "(unknown)";
 			if (memorySlot && memorySlot !== "openclaw-nowledge-mem") {