Dangerous exec
- Finding
- Shell command execution detected (child_process).
- Content
`)}var tn=J(()=>{A();L();$e();We()});L();import{existsSync as Is}from"node:fs";import{resolve as Cs}from"node:path";import{checkLicense as Ds}from"./lib/license...
Security checks across static analysis, malware telemetry, and agentic risk
This looks like a purpose-built memory plugin, but it can persist and reinject conversation history and make LLM/licensing network calls, so configure it carefully.
Before installing, decide whether you want conversation memory stored across sessions, check auto-capture/auto-recall settings, choose a local or external LLM endpoint intentionally, and be comfortable with vendor license/update checks. The provided artifacts do not show unrelated exfiltration or destructive behavior.
`)}var tn=J(()=>{A();L();$e();We()});L();import{existsSync as Is}from"node:fs";import{resolve as Cs}from"node:path";import{checkLicense as Ds}from"./lib/license...
var sn=Object.defineProperty;var J=(n,e)=>()=>(n&&(e=n(n=0)),e);var Oe=(n,e)=>{for(var t in e)sn(n,t,{get:e[t],enumerable:!0})};import{execSync as on}from"node:...
VirusTotal engine telemetry is currently stale for this artifact.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Captured conversations may be reused in later tasks, and inaccurate or poisoned memories could influence future agent behavior.
The plugin can persist conversation-derived memory and inject recalled memories into later agent turns, which is central to its stated memory purpose but sensitive.
"help": "Inject relevant memories before each agent turn" ... "help": "Store conversation context after each turn"
Enable auto-capture/auto-recall only where persistent memory is appropriate, review stored memories periodically, and avoid using it for highly sensitive sessions unless you understand the retention controls.
If an API key is present, memory-related prompts or embedding inputs may be sent to the configured LLM provider and billed to that account.
The plugin can automatically use LLM API keys from the environment and attach them to network requests to the selected LLM provider.
function et(){return process.env.OPENCLAW_LLM_API_KEY||process.env.OPENAI_API_KEY||null} ... e.Authorization=`Bearer ${n.apiKey}`
Set the LLM endpoint and API key intentionally, prefer local providers for sensitive memory, and avoid leaving unrelated global API keys available if you do not want this plugin to use them.
The vendor can verify and potentially revoke license state for this device; the shown code does not send memory content in this license request.
The commercial license check posts the local license key and device identifier to the vendor verification API.
body: JSON.stringify({ key: license.key, device_id: license.device_id })
Install only if you are comfortable with vendor license verification and the device activation model described by the license.
Shell execution increases the impact of unsafe inputs or untrusted local binaries, although the visible uses are aligned with local memory indexing/search.
The main bundle wraps child_process.execSync and uses it for local sqlite3/qmd operations, which is broader than pure in-process file access.
import{execSync as on}from"node:child_process";function m(n,e){return on(n,e)}
Use the plugin in a trusted local environment, ensure the sqlite3/qmd binaries are trusted, and keep memory/database paths under user-controlled .openclaw directories.
The plugin may contact the vendor in the background for update status without interrupting the user.
The update checker runs a silent background network check while the plugin is active, scoped to update metadata and throttled to once per day.
Fire-and-forget, never blocks startup. Checks at most once every 24 hours. ... fetch("https://openclaw-api.apptah.com/api/check-update"
Be aware of the background vendor check, and block or disable network access if your environment requires fully offline operation.