mnemospark
Warn. Audited by ClawScan on May 16, 2026.
Overview
mnemospark fits its cloud-storage/payment purpose, but it asks for wallet-payment authority and documents persistent automation that can run Node commands without approval prompts.
Install only if you want a wallet-backed cloud storage/payment plugin. Use a separate low-balance wallet, review the code before using the force-unsafe install flag, keep exec approval prompts and cron renewals disabled unless needed, and verify what files, logs, and backend endpoints are involved.
Publisher note
If OpenClaw shows a warning about dangerous code patterns when installing or updating mnemospark—often mentioning shell execution (child_process), environment variables, and network access—here is what is going on.

mnemospark is an OpenClaw plugin that talks to your configured mnemospark backend, runs a local HTTP proxy for storage workflows, and can invoke the openclaw CLI and system tools when needed (for example, creating archives with tar or running npm when you use the update command). Those features use the same low-level Node.js APIs—child_process and fetch—that security tools also associate with risky software, so the installer may warn you even when the behavior is intentional and benign.

We also read environment variables you set on purpose (such as MNEMOSPARK_BACKEND_API_BASE_URL, MNEMOSPARK_PROXY_PORT, or wallet-related settings) so you can configure the plugin without editing code. Automated scans sometimes flag “environment access + network” as a possible credential-stealing pattern. In mnemospark, that combination exists because the plugin is configurable and networked by design, not because we are harvesting your unrelated secrets.

mnemospark is open source. If you want extra assurance, review the repository, search for child_process, process.env, and fetch, and run your own tests in a safe environment. The warning helps keep the ecosystem safe; for mnemospark it reflects capabilities, not a finding of malicious intent.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Funds in the configured wallet could be at risk if the agent, local environment, or payment workflow is misused.
This shows the plugin can store or use an EVM private key. In a USDC/x402 payment plugin, that is high-impact wallet authority, while the registry metadata lists no primary credential.
"walletKey": { "type": "string", "description": "EVM wallet private key (0x...). Optional — auto-generated if not set. Set MNEMOSPARK_WALLET_KEY..." }
Use only a dedicated low-balance wallet, do not import a main wallet, verify key storage/export behavior, and require clear payment limits before production use.
A routed mnemospark agent may run local Node commands and perform cloud/payment operations without an approval prompt.
This documents automatic agent policy changes that disable execution prompts and allow Node execution for agents that can run storage, deletion, upload, and payment commands.
applies dedicated-agent runbooks on install/update and gateway load: **`mnemospark-renewal`** ... and **`mnemospark`** ... with `tools.exec.ask: "off"`, and `/usr/bin/node` in `exec-approvals.json`
Keep exec approval prompts enabled unless you fully trust the workflow, restrict the allowlist to the exact CLI path where possible, and manually review delete/payment commands.
Storage renewals and related payment/agent activity may continue on a schedule unless the user understands and disables the automation.
This establishes recurring agent behavior for renewals after upload, which can persist beyond the immediate user task.
Use two dedicated agents: ... `mnemospark-renewal` for cron renewal automation ... After upload, renewal cron uses agent `mnemospark-renewal` by default
Review and document how to disable renewal cron jobs, set spending limits, and audit renewal logs regularly.
Users may override installer warnings without fully reviewing the high-impact permissions the plugin will receive.
The default quick-start path tells users to bypass unsafe-install protections for a plugin that also handles wallet keys, payments, execution, and persistence.
openclaw plugins install mnemospark --dangerously-force-unsafe-install
Do not use the force-unsafe install flag unless you have reviewed the code and are comfortable with the wallet, execution, and persistence behavior.
Files selected for backup/upload and operation metadata may pass through the local proxy and mnemospark backend.
The backend and local proxy are disclosed and purpose-aligned, but they are the path through which storage operations and related metadata are handled.
talks to **your configured mnemospark backend**, runs a **local HTTP proxy** for storage workflows
Confirm the backend URL, upload only intended files, and understand what metadata the service receives.
Local logs may reveal wallet addresses, object names/keys, and operation history to anyone with access to the OpenClaw files.
The source map shows persistent JSONL event logging that can retain wallet addresses and object identifiers.
void appendJsonlEvent("events.jsonl", { ... wallet_address ... object_id ... object_key ... details })
Review log locations and retention, and avoid using sensitive object names if logs may be shared or backed up.
