Back to plugin

Security audit

Memory Enhancement

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed memory plugin, but it handles conversation data with too little containment around automatic sending, storage, logging, and unauthenticated server access.

Install only if you deliberately want a long-term memory system that may send conversation text to a local API and retain it. Keep the server bound to localhost or firewalled, do not expose it to shared networks without authentication, avoid storing secrets or sensitive personal data, review and pin server dependencies, and periodically clear both stored memories and ~/.openclaw/logs/memory-enhancement.log.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal, suspicious.install_untrusted_source

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:1
Evidence
var __create=Object.create;var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __getOwnPropNames=Object.getOwnPropertyN...

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js:4
Evidence
`);const{statusCode,buffered}=yield proxyResponsePromise;if(statusCode===200){req.once("socket",resume);if(opts.secureEndpoint){debug("Upgrading socket connecti...

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
openclaw.plugin.json:18
Evidence
"help": "API服务地址 (例如: http://127.0.0.1:8080)"