Security audit
Scope Recall for OpenClaw
Security checks across malware telemetry and agentic risk
Overview
This is a legitimate long-term memory plugin, but it needs Review because some optional automation can mutate or expose stored memories with weak scoping and disclosure.
Install only if you intentionally want durable local memory. Keep autoCapture, autoRecall, memoryReflection, autoBackup, hosted LLM extraction, reranking, OAuth, and memoryCompaction disabled unless you understand what text will be stored or sent to providers. Be especially cautious enabling memoryCompaction in multi-scope deployments until same-scope merging is enforced, and avoid debug logging for sensitive conversations.
VirusTotal
61/61 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
