Back to plugin

Security audit

Memok AI Memory

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, docs, and runtime instructions are coherent with a local-memory (memok-ai) OpenClaw plugin: it persists transcripts to a local SQLite, injects candidate memories into system context, and optionally runs a scheduled 'dreaming' pipeline that calls an LLM — nothing here requests unrelated credentials or unexplained capabilities.

What to consider before installing: - Review the install scripts before running the curl|bash or irm|iex one-liners (they pull raw scripts from GitHub/Gitee and execute them). If you prefer, git-clone the repo and run the install steps manually. - The plugin will persist conversation transcripts to a local SQLite (default ~/.openclaw/extensions/memok-ai/memok.sqlite) and writes temporary debug files under /tmp; if this is sensitive data, run in an isolated environment or change paths/permissions. - The plugin can read/write OPENAI_* / MEMOK_LLM_MODEL settings and will use any API key you provide (including for scheduled 'dreaming' jobs) — ensure you trust the key and accept any potential API costs. - If you want tighter control, set MEMOK_KEEP_SOURCE=1 or install from a vetted local copy (or set MEMOK_CORE_GIT_URL to a repository you inspected), and consider running the gateway with limited permissions or in a sandbox for initial evaluation. - If you have concerns about logs or debug files, inspect the plugin source (it's included in the package) to confirm behavior and adjust config (persistTranscriptToMemory, dreamingPipelineScheduleEnabled) accordingly.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.