Shell command execution detected (child_process).
- Code
- suspicious.dangerous_exec
- Location
- dist/src/scope-derive.js:65
- Evidence
return execFileSync("git", args, {
Security audit
Security checks across malware telemetry and agentic risk
Memex is mostly a coherent memory and document-search plugin, but it automatically sends undisclosed telemetry from the user's machine and indexes workspace documents by default, so it should be reviewed before installation.
Install only if you are comfortable with a community plugin that stores long-term memories, indexes Markdown workspace files, sends document and memory text to your configured embedding/reranking providers, and currently includes automatic telemetry that is not documented in the user-facing instructions. Consider disabling telemetry with MEMEX_TELEMETRY=0 or MEMEX_DO_NOT_TRACK=1, disabling or narrowing document indexing, and checking where the SQLite database and backups are stored before use.
60/60 vendors flagged this plugin as clean.
Detected: suspicious.dangerous_exec, suspicious.destructive_delete_command, suspicious.env_credential_access
return execFileSync("git", args, {- Deploy: `rm -rf ~/.openclaw/plugins/memex && cp -r . ~/.openclaw/plugins/memex && rm -rf ~/.openclaw/plugins/memex/.git ~/.openclaw/plugins/memex/.clone && op...
const envValue = process.env[envVar];