Back to plugin

Security audit

claw-mate memories

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, config, and runtime behavior are coherent with its stated purpose: it reads conversation messages and stores 'memories' as local markdown files (default ~/.openclaw/memories); it does not request credentials or access external networks.

This plugin stores conversation-derived 'memories' as local markdown files (default: ~/.openclaw/memories). It only reads messages passed by the platform and writes files in that directory; it does not access the network or request secrets. Defaults are safe: autoExtract is off by default and must be enabled in plugin config to auto-save at session end. Before enabling autoExtract, decide whether you want conversation content to be persisted locally and consider changing memoriesDir to a directory you control. Note: SKILL.md appears to contain package/manifest JSON rather than user-facing runtime instructions, but the TypeScript source is present and matches the described behavior. If you need higher assurance, review the included source files (index.ts, src/extractor.ts, src/memory-store.ts) yourself or run the plugin in a sandboxed environment.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.