Back to plugin

Security audit

Memoria

Security checks across malware telemetry and agentic risk

Overview

Memoria appears to be a real local-first memory plugin, but it should be reviewed before install because it persists and reuses broad conversation/workspace data, recommends an unpinned curl-to-bash installer, and advertises auto skill creation without clear guardrails.

Install Memoria only if you want a persistent cross-session memory system and are comfortable with it storing conversation-derived facts locally. Prefer the ClawHub install path over the curl-to-bash installer, use local LLM providers for sensitive work, review generated memory files regularly, and verify that any auto-skill creation feature requires explicit approval before it writes or activates new skills.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.