Back to plugin

Security audit

Mnemosyne Memory Engine

Security checks across malware telemetry and agentic risk

Overview

This memory plugin is coherent but deserves review because it automatically saves conversation content and reinjects recalled memories into high-priority agent context by default.

Install only if you want this plugin to replace OpenClaw’s default memory. Before enabling it, confirm the Mnemosyne API is trusted, decide whether automatic retention should be disabled, and review how stored memories can be inspected, redacted, forgotten, or prevented from being injected into future conversations.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:82
Evidence
apiUrl: process.env.MNEMOSYNE_API_URL ?? pcfg?.apiUrl ?? DEFAULTS.apiUrl,

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/index.ts:117
Evidence
apiUrl: process.env.MNEMOSYNE_API_URL ?? pcfg?.apiUrl ?? DEFAULTS.apiUrl,