Back to plugin

Security audit

Memory Markdown

Security checks across malware telemetry and agentic risk

Overview

The skill's code, runtime instructions, and declared purpose line up: it is a filesystem-based markdown memory store that reads/writes local files and builds a JSON index, with no network calls or secret requirements.

This skill appears to be what it says: a local, filesystem-backed markdown memory store. Before installing, consider: (1) it will create and update files under a configured basePath (defaults to ~/.openclaw/workspace/memories) — do not point basePath at sensitive system directories; (2) the plugin will optionally use the OPENCLAW_WORKSPACE env var or runtime API to find the workspace (this env var is not declared but is optional); (3) no network calls or secrets are required by the package as shipped. If you want stronger isolation, set the plugin's basePath to a dedicated directory with limited permissions and review any existing files it may read there.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.