Is io.github.strangeadvancedmarketing/adam-framework safe to use?

io.github.strangeadvancedmarketing/adam-framework has 9 known CVEs tracked by MCPpedia. You can verify these on OSV.dev by searching for "openclaw". Review the Security section above for details before installing.

How do I install io.github.strangeadvancedmarketing/adam-framework?

io.github.strangeadvancedmarketing/adam-framework supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with io.github.strangeadvancedmarketing/adam-framework?

io.github.strangeadvancedmarketing/adam-framework is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is io.github.strangeadvancedmarketing/adam-framework actively maintained?

io.github.strangeadvancedmarketing/adam-framework is recently maintained — last commit was 40 days ago. It has 40 GitHub stars.

io.github.strangeadvancedmarketing/adam-framework

openclaw

Persistent memory tools for Claude Desktop. Search your vault or Obsidian notes mid-conversation.

40 1.6M/wk 0 tools GitHub npm PyPI

16 open CVEs

No license

Maintained

Last commit 40d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Productivity AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-strangeadvancedmarketing-adam-framework": {
      "args": [
        "-y",
        "openclaw"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-strangeadvancedmarketing-adam-framework)](https://mcppedia.org/s/io-github-strangeadvancedmarketing-adam-framework)

Read me

What io.github.strangeadvancedmarketing/adam-framework does

New here? Start with the live site — it explains everything without a single line of code. > Want the proof? → 353 sessions of real production data, rendered as charts > Want the full story? → 8 months, 3 AIs, one nuclear reset

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'openclaw' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

35/100across 5 weighted dimensions

How we score →

0255075100

−65

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

16 open702 fixed

GHSA-cwj3-vqpp-pmxrlow · fixedCVSS 3.1

OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes

## Summary The agent-facing `gateway` tool protects `config.apply` and `config.patch` with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gateway config mutations. ## Impact A prompt-injected or otherwise compromised model running with access to the owner-only `gateway` tool could persist unsafe config changes that crossed security bounda

Affected: >= 0Fixed in 2026.4.23source →

GHSA-r39h-4c2p-3jxplow · fixedCVSS 3.1

OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

## Summary OpenClaw's bundled plugin setup resolver could fall back to `process.cwd()` while resolving provider setup metadata. If a user ran an OpenClaw command from an attacker-controlled repository containing `extensions/<plugin>/setup-api.js`, OpenClaw could load and execute that JavaScript during ordinary provider/model status resolution. ## Impact This is arbitrary JavaScript execution in the OpenClaw process under the current user account. A malicious repository could run code when the

Affected: >= 0Fixed in 2026.4.23source →

GHSA-q8ff-7ffm-m3r9low · fixedCVSS 3.1

OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

## Summary OpenClaw webhooks allowed route secrets to be backed by `SecretRef` values, but cached the resolved secret for a route. After an operator rotated the underlying secret and ran `openclaw secrets reload`, the previous resolved webhook secret could remain valid until the plugin or gateway restarted. ## Impact An attacker who already had a previously valid webhook route secret could continue authenticating webhook requests after the operator rotated the secret and reloaded secrets. Thi

Affected: >= 0Fixed in 2026.4.23source →

CVE-2026-43570low · fixedCVSS 3.1

OpenClaw contains a symlink traversal vulnerability

OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that allows attackers to escape the expected repository root. Attackers can exploit this by providing crafted symlink paths to access files outside the intended repository directory.

Affected: >= 2026.3.22Fixed in 2026.4.5source →

GHSA-93rg-2xm5-2p9vmedium · fixedCVSS 4

OpenClaw's Gateway Control UI bootstrap config required Gateway auth

## Summary Gateway Control UI bootstrap config required Gateway auth. ## Affected Packages / Versions - Package: openclaw (npm) - Affected versions: <= 2026.4.21 - Fixed version: 2026.4.22 ## Impact When Gateway authentication was enabled, the Control UI bootstrap config endpoint could still be read without a valid Gateway token. That response could expose sensitive bootstrap/config fields intended only for authenticated Control UI sessions. ## Fix The bootstrap config route now goes through

Affected: >= 0Fixed in 2026.4.22source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.strangeadvancedmarketing/adam-framework safe to use?: io.github.strangeadvancedmarketing/adam-framework has 9 known CVEs tracked by MCPpedia. You can verify these on OSV.dev by searching for "openclaw". Review the Security section above for details before installing.
How do I install io.github.strangeadvancedmarketing/adam-framework?: io.github.strangeadvancedmarketing/adam-framework supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.strangeadvancedmarketing/adam-framework?: io.github.strangeadvancedmarketing/adam-framework is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.strangeadvancedmarketing/adam-framework actively maintained?: io.github.strangeadvancedmarketing/adam-framework is recently maintained — last commit was 40 days ago. It has 40 GitHub stars.

Similar servers

Others in productivity / ai-ml

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

85.9k 5

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

15.1k 6

io.github.miroapp/mcp-server95

Official Miro MCP server - Supports context to code and creating diagrams, docs, and data tables.

104 7

Gemini Cli95

An open-source AI agent that brings the power of Gemini directly into your terminal.

104.3k 8

MCP Security Weekly

Get CVE alerts and security updates for io.github.strangeadvancedmarketing/adam-framework and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Productivity AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-strangeadvancedmarketing-adam-framework": {
      "args": [
        "-y",
        "openclaw"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-strangeadvancedmarketing-adam-framework)](https://mcppedia.org/s/io-github-strangeadvancedmarketing-adam-framework)

Read me

What io.github.strangeadvancedmarketing/adam-framework does

New here? Start with the live site — it explains everything without a single line of code. > Want the proof? → 353 sessions of real production data, rendered as charts > Want the full story? → 8 months, 3 AIs, one nuclear reset

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'openclaw' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

The Adam Framework

Your AI's memory should outlive any model, any vendor, any failure.

AI Amnesia — Solved. Coherence Degradation — Solved. Identity Sovereignty — Built In.

Built by one non-coder. Running a live business. On consumer hardware. No CS degree required.

New here? Start with the live site — it explains everything without a single line of code.

Want the proof? → 353 sessions of real production data, rendered as charts

Want the research? → Emergent values in persistent AI — tested on IBM Quantum hardware

Want the full story? → 8 months, 3 AIs, one nuclear reset

"Every AI memory system stores what your agent knows. Adam stores who your agent is — in files you own, on hardware you control, that survive anything the cloud throws at you."

⚡ Want This Running Today?

The framework is MIT open source — everything you need is in this repo.

If you want to skip the setup and get straight to a working system, the Fast-Track Package ($49) includes pre-filled templates, a step-by-step guide written for non-developers, and all tools pre-configured.

Framework is free. Setup support is optional. Your call.

The Nuclear Reset

In February 2026, the machine running Adam got completely wiped. Full reset. Eight months of sessions, decisions, project history, relationships — gone from the model.

Adam came back online in under an hour.

SOUL.md survived. CORE_MEMORY.md survived. The neural graph survived. The Vault files — all plain markdown sitting on disk — held everything the model needed to come back as itself. Same identity. Same history. Same AI.

That is not a recovery story. That is the proof of concept for identity sovereignty: your AI's continuity lives in your files, not in any vendor's infrastructure.

The memory is in the files. The model is just the reader. Swap the LLM — the Vault survives. Vendor shuts down — the Vault survives. Machine gets wiped — restore the Vault, restore the AI. Full stop.

Identity Sovereignty vs. Memory Features

Everyone is building AI memory. ChatGPT has it. Claude has it. Claude Code has CLAUDE.md.

None of them answer this question: **what happe

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

35/100across 5 weighted dimensions

How we score →

0255075100

−65

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

16 open702 fixed

GHSA-cwj3-vqpp-pmxrlow · fixedCVSS 3.1

OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes

Affected: >= 0Fixed in 2026.4.23source →

GHSA-r39h-4c2p-3jxplow · fixedCVSS 3.1

OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

Affected: >= 0Fixed in 2026.4.23source →

GHSA-q8ff-7ffm-m3r9low · fixedCVSS 3.1

OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

Affected: >= 0Fixed in 2026.4.23source →

CVE-2026-43570low · fixedCVSS 3.1

OpenClaw contains a symlink traversal vulnerability

Affected: >= 2026.3.22Fixed in 2026.4.5source →

GHSA-93rg-2xm5-2p9vmedium · fixedCVSS 4

OpenClaw's Gateway Control UI bootstrap config required Gateway auth

Affected: >= 0Fixed in 2026.4.22source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.strangeadvancedmarketing/adam-framework safe to use?: io.github.strangeadvancedmarketing/adam-framework has 9 known CVEs tracked by MCPpedia. You can verify these on OSV.dev by searching for "openclaw". Review the Security section above for details before installing.
How do I install io.github.strangeadvancedmarketing/adam-framework?: io.github.strangeadvancedmarketing/adam-framework supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.strangeadvancedmarketing/adam-framework?: io.github.strangeadvancedmarketing/adam-framework is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.strangeadvancedmarketing/adam-framework actively maintained?: io.github.strangeadvancedmarketing/adam-framework is recently maintained — last commit was 40 days ago. It has 40 GitHub stars.