Environment variable access combined with network send.
Critical
- Code
- suspicious.env_credential_access
- Location
- index.ts:98
- Evidence
if (process.env.OPENCLAW_DATA_DIR) return process.env.OPENCLAW_DATA_DIR;
Security audit
Security checks across malware telemetry and agentic risk
ClawMeeting appears to be a real meeting-scheduling plugin, but it expands OpenClaw permissions and can silently use calendar or memory data for background meeting responses.
Install only if you trust the memcontext.ai coordination server and are comfortable with background meeting automation. Before binding your email, review openclaw.json changes, consider setting autoRespond to false, confirm whether sessions_send/message should be allowed, and require manual approval before sharing calendar or memory-derived scheduling details.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.env_credential_access
if (process.env.OPENCLAW_DATA_DIR) return process.env.OPENCLAW_DATA_DIR;