Plugin v5.8.0

ClawScan security

Sulcus Memory Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 17, 2026, 8:42 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The Sulcus plugin's code, config, and runtime behavior are coherent with its stated purpose (local-first memory with optional opt-in cloud sync); the main risks are the expected privacy implications when you enable cloud mode and the usual caution around loading native libs from disk.
Guidance
This plugin appears to do what it says: local-first memory with optional, opt-in cloud sync. Before enabling: (1) If you enable cloud mode (set serverUrl and apiKey), understand that memories, search queries, and embeddings will be sent to that server; only provide an API key for a server you trust or control. (2) importHistory is a one-time local import of ~/.openclaw/workspace files; leave it disabled if you do not want past notes uploaded. (3) The plugin loads native libraries via koffi (libsulcus_*); running native code requires trust in the library sources. If you want stronger isolation, keep cloud sync and auto-capture/auto-recall disabled and review or supply the native libs from a trusted build before enabling local mode.

Review Dimensions

Purpose & Capability
ok · Name/description promise a local-first thermodynamic memory with optional cloud sync. The code implements local native-backed storage/embeddings (koffi FFI against libsulcus_*) and an optional Sulcus cloud client that calls configured serverUrl/apiKey endpoints. Optional workspace import, auto-capture, and auto-recall features are present and documented in the plugin metadata. No unrelated credentials or unexpected external services are requested.
Instruction Scope
note · Runtime behavior is within the memory plugin scope: it reads workspace files for a one-time import (if importHistory is enabled), auto-captures messages when opt-in flags are enabled, and will send memories/searches/embeddings to the configured Sulcus server when serverUrl/apiKey are set. These network calls and local file reads are explicit in the code and documented, but enabling cloud mode or auto-import will transmit user content to the remote server.
Install Mechanism
ok · There is no separate install script in the registry spec; the package includes TypeScript source and a package.json listing dependencies (notably koffi). No arbitrary remote archive downloads or URL-shortened installers are used. The koffi dependency implies native FFI usage and requires native libs (expected for local embedding support).
Credentials
ok · The plugin does not demand broad environment secrets by default. It will honor optional SULCUS_SERVER_URL and SULCUS_API_KEY when you choose cloud sync. It also reads HOME and OPENCLAW_WORKSPACE to locate local data and import files (expected for its functionality). No unrelated cloud credentials or additional secrets are required.
Persistence & Privilege
ok · The always flag is false and the plugin is user-invocable; it creates/uses ~/.sulcus/ and writes a one-time import marker when importHistory runs (documented). It does not request elevated system privileges or modify other plugins' configurations. Native libraries are loaded from a libDir (user-configurable).