Security audit
Plur Claw Publish
Security checks across malware telemetry and agentic risk
Overview
This is a coherent persistent-memory plugin, but it can run setup during install, persistently enable itself, and configure an unpinned MCP server outside the reviewed package.
Before installing, review the setup behavior, consider installing with npm lifecycle scripts disabled, inspect any changes to ~/.openclaw/openclaw.json, pin or remove the @plur-ai/mcp npx server, and decide whether auto-learning and auto-capture are appropriate for your conversations.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
