File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- skills/memory-config/SKILL.md:187
- Evidence
api_key = "[REDACTED]"
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a disclosed memory plugin that records and recalls OpenClaw conversations locally, with no artifact evidence of exfiltration or destructive behavior.
Install only if you are comfortable with OpenClaw conversation content being summarized, stored persistently in .memsearch, indexed for recall, and sometimes injected into future prompts. Review autoCapture/autoRecall settings, use environment-variable API key references for optional providers, and delete .memsearch manually if you want memories removed after uninstalling.
63/63 vendors flagged this plugin as clean.
Detected: suspicious.exposed_secret_literal
api_key = "[REDACTED]"