Back to plugin

Security audit

Neotoma

Security checks across malware telemetry and agentic risk

Overview

Neotoma appears to be a legitimate memory/MCP server, but it recommends broad workspace inspection and can persistently modify agent rule files, so users should review its setup and data boundaries carefully.

Install only if you want a persistent cross-agent memory layer. Before setup, narrow any agent prompts to specific files or projects, inspect any .cursor/.claude/.codex rules it proposes or updates, pin the npm package version if possible, and verify where data, tokens, embeddings, exports, and deletion controls live.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/cli/index.js:592
Evidence
const child = spawn(process.argv[0], [process.argv[1], "init"], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/cli/mcp_config_scan.js:889
Evidence
execSync("npm run sync:mcp", {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/mcp_ws_bridge.js:89
Evidence
child = spawn(MCP_CMD, MCP_ARGS, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/services/schema_registry.js:1029
Evidence
const child = spawn("tsx", [scriptPath], {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/shared/local_transport.js:63
Evidence
localApiChild = spawn(process.execPath, [actionsPath], {

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/cli/index.js:87
Evidence
process.env.NEOTOMA_USE_READLINE === "1" ||

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/services/mcp_oauth.js:36
Evidence
const ENCRYPTION_KEY = process.env.NEOTOMA_MCP_TOKEN_ENCRYPTION_KEY ||

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/shared/local_transport.js:66
Evidence
...process.env,

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/actions.js:1418
Evidence
const bearerToken = [REDACTED]("Bearer ".length).trim();

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/cli/index.js:1193
Evidence
access_token: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/crypto/auth.js:16
Evidence
const bearerToken = [REDACTED](keyPair.publicKey);

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/crypto/keys.js:11
Evidence
const privateKey = [REDACTED]();

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/embeddings.js:4
Evidence
? new OpenAI({ apiKey: [REDACTED] })

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/openclaw_entry.js:24
Evidence
process.env.OPENAI_API_KEY = [REDACTED];

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/services/llm_extraction.js:20
Evidence
? new OpenAI({ apiKey: [REDACTED] })

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/services/mcp_oauth.js:751
Evidence
accessToken: [REDACTED]("local_access"),

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/services/oauth_key_gate.js:65
Evidence
const bearerToken = [REDACTED]?.trim() || "";

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/services/oauth_state.js:12
Evidence
bearerToken: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/services/schema_icon_service.js:13
Evidence
? new OpenAI({ apiKey: [REDACTED] })

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/services/schema_recommendation.js:505
Evidence
const openai = new OpenAI({ apiKey: [REDACTED] });