Back to plugin

Security audit

MemoClaw Memory

Security checks across malware telemetry and agentic risk

Overview

This appears to be a memory plugin, but it can automatically store and send conversation content to a cloud service without clear consent, disclosure, or redaction controls.

Review before installing. Use it only if you are comfortable with prompts, transcripts, assistant replies, queries, workspace/session identifiers, tags, and metadata being persisted and sent to MemoClaw. Avoid using it with secrets, regulated data, customer data, or proprietary conversations unless the publisher provides explicit opt-in controls, redaction, retention/deletion settings, and clear cloud-data disclosures.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
plugin.js:111
Evidence
apiKey: [REDACTED],