Back to plugin

Security audit

Scope Recall for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate long-term memory plugin, but it needs Review because some optional automation can mutate or expose stored memories with weak scoping and disclosure.

Install only if you intentionally want durable local memory. Keep autoCapture, autoRecall, memoryReflection, autoBackup, hosted LLM extraction, reranking, OAuth, and memoryCompaction disabled unless you understand what text will be stored or sent to providers. Be especially cautious enabling memoryCompaction in multi-scope deployments until same-scope merging is enforced, and avoid debug logging for sensitive conversations.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.