Install source points to URL shortener or raw IP.
- Code
- suspicious.install_untrusted_source
- Location
- config.schema.json:12
- Evidence
"default": "http://127.0.0.1:8766",
Security audit
Security checks across malware telemetry and agentic risk
This plugin appears to do what it claims: connect OpenClaw to a local Cortex memory/context service, though users should understand it will process conversation and identity data.
This looks internally consistent, but it is a memory and identity plugin, so it may handle sensitive data by design. Install it only if you want OpenClaw messages, thread/user identifiers, display names, and possibly email/phone/username fields to be sent to Cortex for memory and identity resolution. Keep apiBaseUrl on 127.0.0.1 or another endpoint you fully trust; if you point it at a remote server, your conversation and identity data may leave the machine. Also review the separate cortexd service, since this plugin depends on it but does not install it.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.install_untrusted_source
"default": "http://127.0.0.1:8766",
"default": "http://127.0.0.1:8766",