Back to plugin

Security audit

ClawMeeting - AI Meeting Negotiator

Security checks across malware telemetry and agentic risk

Overview

ClawMeeting appears to be a real meeting-scheduling plugin, but it expands OpenClaw permissions and can silently use calendar or memory data for background meeting responses.

Install only if you trust the memcontext.ai coordination server and are comfortable with background meeting automation. Before binding your email, review openclaw.json changes, consider setting autoRespond to false, confirm whether sessions_send/message should be allowed, and require manual approval before sharing calendar or memory-derived scheduling details.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
index.ts:98
Evidence
if (process.env.OPENCLAW_DATA_DIR) return process.env.OPENCLAW_DATA_DIR;