Security audit
MemClaw Context Engine
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, files, and runtime behavior are consistent with its stated purpose (a local context/memory engine that manages a local service and provides recall/capture tools), with only minor documentation/configuration mismatches to be aware of.
This plugin is consistent with a local memory/context engine but has behaviours you should accept consciously: it will create a local configuration file and ask you to add llm.api_key and embedding.api_key (so you should provide least-privileged keys and store them securely). It attempts to start/manage local services (qdrant, cortex-mem-service) and uses PID files; ensure you are comfortable with a plugin launching local binaries and writing files. Optional platform-specific binary packages (@memclaw/bin-*) are referenced — if you see additional native binaries installed, inspect them or run in an isolated environment. The SKILL.md shown is actually package metadata rather than user-facing prose, so review the plugin’s repository (git URL in metadata) if you want human-readable docs. If you prefer not to let the plugin auto-start services, disable autoStartServices in its config before allowing it to run.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
