Back to plugin

Security audit

Delta-Mem MLX

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local MLX sidecar helper, but using its managed setup runs local helper processes, downloads external model/sidecar artifacts, and can pass retrieved memory snippets into the sidecar.

Install this if you want a local Apple Silicon delta-mem sidecar and are comfortable running its helper scripts. Before using managed install, review or trust the external sidecar repository and Hugging Face artifacts. Keep the sidecar URL local or trusted, and remember that attention-state memory lookup is enabled by default in the generated provider config.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.install_untrusted_source

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/install-sidecar.mjs:50
Evidence
const result = spawnSync(command, args, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/start-sidecar.mjs:85
Evidence
const child = spawn(python, [

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
openclaw.plugin.json:13
Evidence
"default": "http://127.0.0.1:8765",