Memory Cache
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The Redis cache mostly matches its purpose, but its scan command can enumerate Redis keys outside the documented mema: namespace.
Install only if you are comfortable giving the skill access to the configured Redis database. Prefer a dedicated Redis DB, avoid storing secrets, set TTLs for session context, and fix or review the scan behavior before using it on a shared Redis instance.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this skill connects to a Redis database used by other apps or teams, it may reveal key names outside the cache area the user expected.
The default scan pattern is '*', and patterns containing '*' are not forced under the mema: prefix, so the command can enumerate all Redis keys or arbitrary non-mema patterns despite the documented namespace restriction.
p_scan.add_argument("pattern", default="*", nargs="?", help="Glob pattern (default: mema:*)")
...
if not pattern.startswith(KEY_PREFIX) and "*" not in pattern:
...
return list(r.scan_iter(match=pattern, count=count))
Use a dedicated Redis database for this skill, or change scan_keys so every scan pattern is constrained to mema:* unless the user explicitly approves broader enumeration.
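Added example, not the skill's own code: the quoted prefix check beside a hardened replacement, run against a constructed in-memory keyspace instead of a live Redis. KEY_PREFIX mirrors the skill's constant; the sample keys, the allow_broad opt-in parameter and the function names are assumptions made for this illustration.

```python
import fnmatch

KEY_PREFIX = "mema:"  # namespace the skill documents

# Constructed keyspace standing in for a shared Redis DB: the skill's own keys
# alongside keys that belong to other applications on the same instance.
SAMPLE_KEYS = [
    "mema:state:agent1",
    "mema:cache:weather",
    "session:user:42",
    "billing:invoice:9001",
]

def reviewed_pattern(pattern: str) -> str:
    """The logic quoted in the finding: a pattern is only forced under the
    prefix when it lacks the prefix AND contains no '*', so '*' and
    'session:*' pass through untouched and reach SCAN as-is."""
    if not pattern.startswith(KEY_PREFIX) and "*" not in pattern:
        pattern = KEY_PREFIX + pattern
    return pattern

def constrain_pattern(pattern: str, allow_broad: bool = False) -> str:
    """Hardened replacement (hypothetical): every pattern is confined to the
    mema: namespace unless the caller explicitly opts in with allow_broad.
    A pattern that does not literally start with the prefix is prefixed,
    so glob tricks such as '[m]ema:*' fail closed to 'mema:[m]ema:*'."""
    if allow_broad or pattern.startswith(KEY_PREFIX):
        return pattern
    return KEY_PREFIX + pattern

def _simulate_scan(match: str, keys=SAMPLE_KEYS) -> list[str]:
    """Stand-in for r.scan_iter(match=...): fnmatch approximates Redis glob
    closely enough for '*', '?' and simple character classes."""
    return sorted(k for k in keys if fnmatch.fnmatchcase(k, match))

def scan_keys_reviewed(pattern: str = "*") -> list[str]:
    """Keys the reviewed skill would return for a given pattern."""
    return _simulate_scan(reviewed_pattern(pattern))

def scan_keys_hardened(pattern: str = "*", allow_broad: bool = False) -> list[str]:
    """Keys the hardened skill would return for the same pattern."""
    return _simulate_scan(constrain_pattern(pattern, allow_broad))
```

With the default pattern the reviewed logic returns every key in the shared database, while the hardened version returns only the two mema: keys unless allow_broad is set.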
Agents may later read cached context or state that is stale, sensitive, or written by another agent.
The skill is intended to store agent context and persistent/shared state in Redis, which is purpose-aligned but can preserve sensitive or untrusted data for later reuse.
Use for: (1) Saving agent state, (2) Caching API results, (3) Sharing data between sub-agents ... `mema:state:*` – Persistent state.
Avoid storing secrets or raw private content, prefer short TTLs for context/cache keys, and treat retrieved cache contents as untrusted unless you know who wrote them.
Installing the skill may pull current package versions from the package index, which is normal for Python tools but less reproducible than pinned dependencies.
The Python dependencies are declared with lower-bound version ranges rather than exact pins, so future installs may resolve to newer package versions.
redis>=5.0.0
python-dotenv>=1.0.0
Review or pin dependency versions in controlled environments, especially if this skill will run in production or with access to shared Redis data.
A Redis URL or password could grant the skill access to more data than just this cache if it points to a shared database.
The skill expects Redis connection settings that may include authentication and access to a Redis database; this is expected for the cache purpose, but should be scoped carefully.
REDIS_URL=redis://localhost:6379/0
# REDIS_PASSWORD=
Provide a dedicated Redis database or restricted Redis user where possible, and do not reuse credentials for unrelated production data.
