Security audit
ClawMind Local Markdown Context Engine
Security checks across malware telemetry and agentic risk
Overview
The skill's code, docs, and runtime instructions are internally consistent: it is a local, offline context compaction plugin that writes Markdown summaries to disk and does not request external credentials or network access.
This plugin appears to do what it claims: locally summarize and store older conversation turns as Markdown and keep recent messages in runtime context. Before installing: review and accept that conversation content will be written to disk (check summaryDir and file permissions), confirm you trust the package source and are comfortable running npm install/build (which will fetch dependencies), and ensure the OpenClaw gateway runs with appropriate filesystem permissions/isolation so summaries cannot be written into sensitive locations. If you need stricter guarantees, review the full source (particularly filename-sanitization code) and run the build in an isolated environment before deploying.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
