Back to plugin

Security audit

Gralkor Memory (OpenClaw)

Security checks across malware telemetry and agentic risk

Overview

This is a real memory plugin, but it has several high-impact behaviors that are under-scoped or trust-sensitive enough to require manual review before installation.

Install only after reviewing the data flow and operating it in a controlled environment. Use a dedicated dataDir, provide only the API keys required, keep test mode off, avoid storing secrets in prompts or MEMORY.md files, and be aware it can start local services, install Python dependencies, download a wheel on some platforms, and terminate processes that conflict with its port or redislite runtime.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/gralkor/server-manager.js:109
Evidence
const child = spawn(venvPython, ["-m", "uvicorn", "main:app", "--host", "127.0.0.1", "--port", String(opts.port), "--no-access-log"], {

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/config.js:39
Evidence
env.GOOGLE_API_KEY = [REDACTED]();