Back to plugin

Security audit

CortexAI OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This plugin appears to do what it claims: connect OpenClaw to a local Cortex memory/context service, though users should understand it will process conversation and identity data.

This looks internally consistent, but it is a memory and identity plugin, so it may handle sensitive data by design. Install it only if you want OpenClaw messages, thread/user identifiers, display names, and possibly email/phone/username fields to be sent to Cortex for memory and identity resolution. Keep apiBaseUrl on 127.0.0.1 or another endpoint you fully trust; if you point it at a remote server, your conversation and identity data may leave the machine. Also review the separate cortexd service, since this plugin depends on it but does not install it.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
config.schema.json:12
Evidence
"default": "http://127.0.0.1:8766",

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
openclaw.plugin.json:14
Evidence
"default": "http://127.0.0.1:8766",