Security audit
Memnode Openclaw Plugin
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, docs, and configuration requests are consistent with a Memnode OpenClaw plugin: it needs a Memnode API key in plugin config and will call the Memnode hosted API to store and recall agent memory.
This plugin appears to be what it says: a native OpenClaw integration that sends agent memory to a hosted Memnode tenant. Before installing: (1) confirm you trust the Memnode service and the tenant that will receive stored memories (sensitive info and user data saved by agents will be transmitted there); (2) limit what the agent records (avoid storing secrets, credentials, or PII in persistent memory); (3) supply a dedicated API key with appropriate scope/rotation if possible; and (4) if you are uncomfortable with agents invoking tools autonomously, disable autonomous invocation or restrict the plugin/tool for human-invoked flows. If you want extra assurance, review the rest of index.ts (the file included) to confirm the code paths you care about; the reviewed portions show standard API client usage and no unexpected network endpoints.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
