Security audit
Memoria
Security checks across malware telemetry and agentic risk
Overview
Memoria appears to be a real local-first memory plugin, but it should be reviewed before install because it persists and reuses broad conversation/workspace data, recommends an unpinned curl-to-bash installer, and advertises auto skill creation without clear guardrails.
Install Memoria only if you want a persistent cross-session memory system and are comfortable with it storing conversation-derived facts locally. Prefer the ClawHub install path over the curl-to-bash installer, use local LLM providers for sensitive work, review generated memory files regularly, and verify that any auto-skill creation feature requires explicit approval before it writes or activates new skills.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
