Back to plugin

Security audit

mnemospark

Security checks across malware telemetry and agentic risk

Overview

This plugin appears purpose-built for Mnemospark wallet and cloud storage workflows, but it automatically changes OpenClaw execution policy and handles wallet/private-key/payment actions with too little runtime user control.

Install only if you are comfortable with a plugin that can start a local proxy, use or create an EVM wallet key, interact with Mnemospark backend services, upload/download/delete stored data, settle payments, and modify OpenClaw agent/exec-approval configuration. Review the automatic runbook behavior, consider setting MNEMOSPARK_DISABLE_OPENCLAW_PREREQ=1 if you do not want config mutation, and avoid wallet export unless you can protect terminal output and logs.

VirusTotal

65/65 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/cli.js:3523
Evidence
nextDb.exec("PRAGMA journal_mode=WAL;");

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:3568
Evidence
nextDb.exec("PRAGMA journal_mode=WAL;");

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
prepare.mjs:14
Evidence
const syncResult = spawnSync(process.execPath, [syncScript], {

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/cli.js:151
Evidence
const envPort = process.env.MNEMOSPARK_PROXY_PORT;

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:196
Evidence
const envPort = process.env.MNEMOSPARK_PROXY_PORT;

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/cli.js:270
Evidence
privateKey: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.js:315
Evidence
privateKey: [REDACTED],