Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- dist/index.js:46
- Evidence
_dataDir = process.env.AMEM_DATA_DIR || path.join(os.homedir(), ".amem");
Security audit
Security checks across malware telemetry and agentic risk
This is a disclosed OpenClaw memory plugin that stores and evolves agent memories using local Qdrant and a configured LLM endpoint.
Install only if you want persistent long-term memory. Configure Qdrant and the LLM endpoint you trust, treat stored memories as potentially sensitive, and enable hooks.allowConversationAccess only if you are comfortable with successful conversations being analyzed for automatic memory updates.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.env_credential_access
_dataDir = process.env.AMEM_DATA_DIR || path.join(os.homedir(), ".amem");