Pluginv0.9.53

ClawScan security

MemClaw Context Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 8, 2026, 12:46 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The plugin's code, files, and runtime behavior are consistent with its stated purpose (a local context/memory engine that manages a local service and provides recall/capture tools), with only minor documentation/configuration mismatches to be aware of.
Guidance: This plugin is consistent with a local memory/context engine but has behaviours you should accept consciously: it will create a local configuration file and ask you to add llm.api_key and embedding.api_key (so you should provide least-privileged keys and store them securely). It attempts to start/manage local services (qdrant, cortex-mem-service) and uses PID files; ensure you are comfortable with a plugin launching local binaries and writing files. Optional platform-specific binary packages (@memclaw/bin-*) are referenced — if you see additional native binaries installed, inspect them or run in an isolated environment. The SKILL.md shown is actually package metadata rather than user-facing prose, so review the plugin’s repository (git URL in metadata) if you want human-readable docs. If you prefer not to let the plugin auto-start services, disable autoStartServices in its config before allowing it to run.

Review Dimensions

Purpose & Capability: noteThe name/description match the code: this plugin implements a context/memory engine, client calls to a local cortex-mem service, tools for search/recall/ingest, and logic to start/manage local supporting services (qdrant, cortex-mem-service). Starting local binaries and managing tenant/session state is coherent with a native memory engine, but is more intrusive than a simple 'helper' skill — it intentionally manages services and writes config files.
Instruction Scope: noteRuntime behavior (index.js) will create/ensure a config file, prompt/open it for user editing, register tools and a context engine, and attempt to auto-start local services on registration. The published SKILL.md content appears to contain the package.json metadata rather than a typical human-facing runtime instruction doc; nonetheless the code's instructions are scoped to the plugin's purpose. The plugin writes a local config and uses PID/service management utilities; it does not attempt to read arbitrary unrelated system files or call external endpoints other than service endpoints (defaulting to http://localhost:8085).
Install Mechanism: okNo external download/install spec is present; the plugin ships prebuilt dist/ files. OptionalDependencies reference platform binary packages (@memclaw/bin-*) but those are standard npm optional deps (no opaque URLs). No extract-from-URL installs or URL-shortened downloads were observed.
Credentials: noteRegistry metadata declares no required env vars or primary credential. The plugin creates a config file and instructs the user to populate llm.api_key and embedding.api_key there. Requiring LLM/embedding keys is proportionate to its function, but the plugin does not declare them as required environment variables — they are stored/read from its config file instead. It also requires filesystem access to write config/pid files and to start local services.
Persistence & Privilege: okalways:false and the plugin is user-invocable. It registers services/tools and will attempt to start/stop local processes (service lifecycle) and create a local config file — behavior expected for a local context engine. It does not modify other skills or request permanent platform-level override privileges.