File appears to expose a hardcoded API secret or token.
- Code
- suspicious.exposed_secret_literal
- Location
- plugin.js:111
- Evidence
apiKey: [REDACTED],
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a memory plugin, but it can automatically store and send conversation content to a cloud service without clear consent, disclosure, or redaction controls.
Review before installing. Use it only if you are comfortable with prompts, transcripts, assistant replies, queries, workspace/session identifiers, tags, and metadata being persisted and sent to MemoClaw. Avoid using it with secrets, regulated data, customer data, or proprietary conversations unless the publisher provides explicit opt-in controls, redaction, retention/deletion settings, and clear cloud-data disclosures.
61/61 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
apiKey: [REDACTED],