Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- dist/index.js:82
- Evidence
apiUrl: process.env.MNEMOSYNE_API_URL ?? pcfg?.apiUrl ?? DEFAULTS.apiUrl,
Security audit
Security checks across malware telemetry and agentic risk
This memory plugin is coherent but deserves review because it automatically saves conversation content and reinjects recalled memories into high-priority agent context by default.
Install only if you want this plugin to replace OpenClaw’s default memory. Before enabling it, confirm the Mnemosyne API is trusted, decide whether automatic retention should be disabled, and review how stored memories can be inspected, redacted, forgotten, or prevented from being injected into future conversations.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.env_credential_access
apiUrl: process.env.MNEMOSYNE_API_URL ?? pcfg?.apiUrl ?? DEFAULTS.apiUrl,
apiUrl: process.env.MNEMOSYNE_API_URL ?? pcfg?.apiUrl ?? DEFAULTS.apiUrl,