Plugin v0.8.0

ClawScan security

memory-braid · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 23, 2026, 7:31 PM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill appears to do what it says — a local OpenClaw memory plugin that captures, audits, consolidates, and optionally writes plugin-captured memories to a Mem0 store — and its code, instructions, and requested privileges are consistent with that purpose.
Guidance
This plugin is internally consistent with its description, but review these points before installing:
- Back up any Mem0 data you care about before running remediate/delete/purge commands. Destructive actions require --apply and are operator-triggered, but they will remove plugin-captured Mem0 records.
- The plugin stores local state under the OpenClaw state directory (e.g., ~/.openclaw/memory-braid); the README documents a manual rm -rf option for full reset. Only run that if you intend to wipe plugin state.
- Optional features (entity extraction, ML enrichment, embedder) can call external APIs when enabled; only provide API keys (e.g., OPENAI_API_KEY) if you want those integrations, and scope those keys to minimal privileges if possible.
- If you self-host Mem0 or configure external vector/LLM backends, review those connector settings (URLs, credentials) to ensure they point to expected endpoints.
- The plugin's remediation and quarantine flows are designed to be safe by default (dry-run until --apply), but verify audit reports before applying changes.
If you want greater assurance, inspect the mem0-client and capture configuration in src/config.ts and src/mem0-client.ts to confirm exactly which backends/providers will be called in your environment.

Review Dimensions

Purpose & Capability
ok: Name/description (augment local memory with Mem0) aligns with included code (mem0-client, capture, consolidation, selection, dedupe, entity extraction) and the declared command surface. The plugin implements Mem0 adapters, OSS defaults, and optional external-LLM/entity extraction hooks that match the stated features.
Instruction Scope
note: SKILL.md stays within memory/capture/recall scope. It documents audit/remediate commands (including destructive actions guarded by a --apply flag) and an operator-only self-hosted reset using rm -rf ~/.openclaw/memory-braid. Nothing in the instructions asks the agent to read unrelated system secrets or perform arbitrary exfiltration, but the remediation/purge commands can remove Mem0-captured records when explicitly applied.
Install Mechanism
ok: No install spec (instruction-only in registry). The package includes source and tests, but the registry entry does not request downloading/executing external artifacts. That is low-risk from an installer perspective. The repository contains many source files (TypeScript) consistent with a plugin implementation rather than hidden installers.
Credentials
note: Registry declares no required env vars; code and docs show optional integration with external providers (e.g., OpenAI for NER/ML or embedder configs, and configurable Mem0 backends). Optional external API keys (OPENAI_API_KEY or other provider creds configured via mem0/oss config) are reasonable for the advertised features but are not listed as required. Operators should only supply keys they intend to use and avoid providing unrelated high-privilege credentials.
Persistence & Privilege
note: always: false and user-invocable: true (normal). The plugin stores state under the OpenClaw state dir (e.g., ~/.openclaw/memory-braid) and provides remediation commands that can quarantine or delete Mem0-captured records (guarded by explicit --apply flags). Self-hosted reset is an operator manual step. These behaviors are within scope but are powerful: they can remove Mem0 records when invoked.