Mema Brain

Pass

Audited by ClawScan on May 1, 2026.

Overview

Mema Brain appears coherent and purpose-aligned, but it intentionally stores document-path metadata and short-term Redis context that users should treat as potentially sensitive.

This skill looks benign for its stated purpose. Before installing, confirm you are comfortable with it creating ~/.openclaw/memory/main.sqlite, storing document paths and tags, and sending mental-state values to the configured Redis host. Prefer localhost or a trusted private Redis instance, and avoid placing secrets in the memory buffer.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Workspace paths, tags, and short-term context can persist beyond the current task and may influence later work if reused.

Why it was flagged

The skill intentionally stores reusable document metadata and short-term context. This is purpose-aligned, but users should avoid storing secrets or untrusted instructions that future agent sessions may over-trust.

Skill content

Stores file paths, titles, and tags... Purpose: Ephemeral state management and cross-session context passing. TTL: Default 6 hours

Recommendation

Use the memory store for non-secret metadata and context only; clear Redis mental state when it is no longer needed.

What this means

A future install may receive a newer Redis Python package version than the one originally tested by the skill author.

Why it was flagged

The dependency is specified with a lower-bound version rather than an exact pin. This is common and purpose-aligned for Redis support, but it makes installs less reproducible.

Skill content

redis>=5.0.0

Recommendation

If reproducibility matters, pin dependency versions in a controlled environment before installing.

What this means

A user might assume Redis mental-state data never leaves the machine, even though a remote REDIS_HOST would receive it.

Why it was flagged

The local-only statement is accurate only when the configured Redis instance is local or otherwise trusted; the same artifact acknowledges REDIS_HOST can point elsewhere.

Skill content

Data Privacy: All data is stored locally. Network Safety: Only point REDIS_HOST to trusted instances.

Recommendation

Keep REDIS_HOST on localhost or a trusted private Redis instance, and do not store sensitive values unless the Redis deployment is secured.