Back to plugin

Security audit

ClawXMemory

Security checks across malware telemetry and agentic risk

Overview

ClawXMemory is a coherent memory plugin, but it stores full conversations and appears to use environment-based credentials for network LLM extraction without clearly declaring that credential use.

Install only if you want OpenClaw conversations stored as persistent memory. Before enabling it, check which LLM provider credentials are available in your environment, keep the dashboard on 127.0.0.1, and adjust or disable full-session capture, auto-indexing, add, and recall if that is broader than you want.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/core/skills/llm-extraction.js:1527
Evidence
if (looksLikeEnvVarName(configured) && typeof process.env[configured] === "string" && process.env[configured]?.trim()) {

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/core/skills/llm-extraction.ts:2013
Evidence
if (looksLikeEnvVarName(configured) && typeof process.env[configured] === "string" && process.env[configured]?.trim()) {