Security audit
OpenClaw Recall
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, runtime instructions, and required tools line up with its stated purpose (automatic recall/search before prompt build); no unexplained credentials or hidden network sinks were detected.
This plugin appears to do exactly what it claims: intercept messages and run local/CLI-backed semantic searches to prepend relevant snippets. Things to consider before enabling: 1) It will execute local commands (openclaw memory search, sqlite3, qmd, engram) — ensure those CLIs are trusted and configured correctly. 2) It may surface private conversation history or local files into the model context (enable appropriate excludePatterns/excludeFiles in config). 3) Keep debug logging disabled in production (config.debug.enabled = false by default); if you enable it, the debug log can contain prompts/session identifiers. 4) Review and limit the sources you enable (disable LCM/engram/qmd if you don't want local DBs searched). If you want additional assurance, inspect the full source files included in the package (they are present) and run in a non-sensitive environment first.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
