Back to plugin

Security audit

Memory Lancedb Dreaming

Security checks across malware telemetry and agentic risk

Overview

This skill does sensitive memory processing, scheduled local writes, and optional message delivery, but those behaviors are coherent with its advertised dreaming/reporting purpose and are mostly disclosed.

Install only if you are comfortable with a plugin reading your LanceDB memory, writing memory-derived reports into the workspace, and running scheduled background jobs. Leave dailyReport.delivery unset unless you intentionally want summaries sent to an external chat channel, and use a current patched OpenClaw runtime.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/test.mjs:6
Evidence
const build = spawnSync("npm", ["run", "build"], {