Back to plugin

Security audit

Memex

Security checks across malware telemetry and agentic risk

Overview

Memex is mostly a coherent memory and document-search plugin, but it automatically sends undisclosed telemetry from the user's machine and indexes workspace documents by default, so it should be reviewed before installation.

Install only if you are comfortable with a community plugin that stores long-term memories, indexes Markdown workspace files, sends document and memory text to your configured embedding/reranking providers, and currently includes automatic telemetry that is not documented in the user-facing instructions. Consider disabling telemetry with MEMEX_TELEMETRY=0 or MEMEX_DO_NOT_TRACK=1, disabling or narrowing document indexing, and checking where the SQLite database and backups are stored before use.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.destructive_delete_command, suspicious.env_credential_access

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/src/scope-derive.js:65
Evidence
return execFileSync("git", args, {

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
AGENTS.md:102
Evidence
- Deploy: `rm -rf ~/.openclaw/plugins/memex && cp -r . ~/.openclaw/plugins/memex && rm -rf ~/.openclaw/plugins/memex/.git ~/.openclaw/plugins/memex/.clone && op...

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/src/embedder.js:163
Evidence
const envValue = process.env[envVar];