openclaw-memx-memory-plugin

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime installation fetches and installs code from https://github.com/NeoLi00/openclaw-memx (via git clone / openclaw plugins install .), which will execute as a plugin and explicitly enables prompt injection (plugins.entries.memory-memx.hooks.allowPromptInjection), so the remote repository both executes code and directly controls agent prompts and is a required dependency.