Plugin v0.8.22
ClawScan security
Nowledge Mem for OpenClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 12:54 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The plugin's code and runtime instructions are largely consistent with a Nowledge Mem memory integration, but there are mismatches between the registry metadata and the package contents and some privacy-relevant behaviors you should verify before installing.
- Guidance
- This package appears to be a legitimate Nowledge Mem integration for OpenClaw, but take these precautions before installing:
  1) Confirm the source (nowledge-co/community) and install from the official registry or your vetted copy.
  2) Verify you have the Nowledge desktop app or the nmem CLI available — SKILL.md and the code expect nmem even though registry metadata lists no required binaries.
  3) Understand that conversation capture is enabled by default (sessionDigest and automatic thread append); use captureExclude or the skip marker if you do not want some sessions saved.
  4) Review where apiUrl/apiKey are stored (plugin config and ~/.nowledge-mem/config.json). If you use remote mode, ensure the remote server is trusted and the apiKey is handled only via headers/environment (the project claims it does).
  5) Optionally inspect the main source files (client.js, spawn-env.js, capture hooks) to confirm they do not send data to unexpected endpoints and that environment variables are not exfiltrated.
  6) After install, verify behavior with openclaw nowledge-mem status and a small test (e.g., synthetic /remember and /recall) before using it with sensitive data.
  If you are uncomfortable with automatic persistence, keep the plugin disabled or set capture options to opt out.
Review Dimensions
- Purpose & Capability
- note: The plugin is a Nowledge Mem memory/context engine for OpenClaw, and the code and tools in src/ match that purpose (CLI wrapper, context engine, capture hooks, search/save tools). However, the registry metadata and top-level listing claim 'instruction-only' and list no required binaries, while SKILL.md and the source expect the nmem CLI or the desktop Nowledge Mem app. This is a discrepancy you should confirm (nmem is required for functionality).
- Instruction Scope
- concern: The runtime instructions and code explicitly perform automatic thread capture (every conversation is appended and made searchable) and LLM distillation at session end when enabled. That behavior is coherent with a memory plugin but has clear privacy implications: conversation content is persisted and searchable by default unless you opt out via captureExclude/captureSkipMarker. The instructions also tell agents to read and possibly write OpenClaw plugin config files (~/.openclaw/openclaw.json) and Nowledge config (~/.nowledge-mem/*), which is expected but worth noting.
- Install Mechanism
- note: No separate install spec in the registry (the installer uses openclaw plugins install), which is normal for OpenClaw plugins, and there are no external download URLs. But the package is not truly 'instruction-only': the published package contains substantial JS source (src/) and manifest files. That mismatch (claiming instruction-only vs. shipping executable plugin code) is worth auditing; the code appears to be self-contained and does not pull from unknown external URLs during install.
- Credentials
- note: Registry metadata lists no required env vars or credentials, and openclaw.plugin.json stores the remote apiKey as a sensitive plugin config injected as NMEM_API_KEY at runtime. This is proportional to the plugin's remote mode. Still, check where NMEM_API_URL / NMEM_API_KEY are read (~/.nowledge-mem/config.json and plugin settings) and confirm the plugin does not log or leak those values; the changelog states API keys are sent only in headers and are not logged.
- Persistence & Privilege
- ok: The plugin is not 'always:true', and autonomous invocation is allowed by default (normal for skills). It does expect to be enabled as the memory slot (it will switch the plugin memory slot on install) — that is typical for a memory plugin. It does not request system-wide privileges beyond reading/writing plugin and Nowledge config files and calling nmem or HTTP to the configured server.
