Security audit
OpenClaw Mem
Security checks across malware telemetry and agentic risk
Overview
The bundle's code, docs, and runtime instructions are consistent with a sidecar-first OpenClaw memory capture plugin and do not request unrelated credentials or unusual install behavior.
This bundle appears to do what it says: a sidecar capture + local CLI/SQLite proof path. Before installing: (1) run the local proof steps (sample JSONL → ingest → search/timeline) on a throwaway DB to verify redaction/behavior; (2) review any systemd/cron or OpenClaw cron job snippets — they include agentTurn payloads that will cause execs to run, so only enable them if you trust the configured commands and host; (3) do not promote the optional mem-engine to own the memory slot until you've audited receipts and rollback paths. If you want extra caution, keep captureMessage and episodes disabled and rely on manual CLI ingest until comfortable.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
