Back to plugin

Security audit

Plur Claw Publish

Security checks across malware telemetry and agentic risk

Overview

This is a coherent persistent-memory plugin, but it can run setup during install, persistently enable itself, and configure an unpinned MCP server outside the reviewed package.

Before installing, review the setup behavior, consider installing with npm lifecycle scripts disabled, inspect any changes to ~/.openclaw/openclaw.json, pin or remove the @plur-ai/mcp npx server, and decide whether auto-learning and auto-capture are appropriate for your conversations.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.