Security audit
Memory Markdown
Security checks across malware telemetry and agentic risk
Overview
The skill's code, runtime instructions, and declared purpose line up: it is a filesystem-based markdown memory store that reads/writes local files and builds a JSON index, with no network calls or secret requirements.
This skill appears to be what it says: a local, filesystem-backed markdown memory store. Before installing, consider: (1) it will create and update files under a configured basePath (defaults to ~/.openclaw/workspace/memories) — do not point basePath at sensitive system directories; (2) the plugin will optionally use the OPENCLAW_WORKSPACE env var or runtime API to find the workspace (this env var is not declared but is optional); (3) no network calls or secrets are required by the package as shipped. If you want stronger isolation, set the plugin's basePath to a dedicated directory with limited permissions and review any existing files it may read there.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
