Back to plugin

Security audit

Memnode Openclaw Plugin

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, docs, and configuration requests are consistent with a Memnode OpenClaw plugin: it needs a Memnode API key in plugin config and will call the Memnode hosted API to store and recall agent memory.

This plugin appears to be what it says: a native OpenClaw integration that sends agent memory to a hosted Memnode tenant. Before installing: (1) confirm you trust the Memnode service and the tenant that will receive stored memories (sensitive info and user data saved by agents will be transmitted there); (2) limit what the agent records (avoid storing secrets, credentials, or PII in persistent memory); (3) supply a dedicated API key with appropriate scope/rotation if possible; and (4) if you are uncomfortable with agents invoking tools autonomously, disable autonomous invocation or restrict the plugin/tool for human-invoked flows. If you want extra assurance, review the rest of index.ts (the file included) to confirm the code paths you care about; the reviewed portions show standard API client usage and no unexpected network endpoints.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.