Omi Me
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its Omi.me integration purpose, but its API token handling has concrete safety issues that could expose or mishandle your Omi account token.
Install only if you are comfortable giving this skill access to your Omi.me memories, tasks, and conversations. Before use, fix or verify the API_URL/OMI_API_URL issue, restrict permissions on ~/.config/omi-me/token, avoid printing the token into chat or logs, and require explicit confirmation before update or delete commands.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Omi API token could be sent to the wrong server if API_URL is set in the environment, or the CLI may fail in normal use because it does not use the documented OMI_API_URL value.
The script documents and defaults OMI_API_URL, but the authenticated curl request uses API_URL. API_URL is not declared in the skill metadata or setup instructions, so a generic environment variable could redirect bearer-token requests away from the intended Omi endpoint.
`export OMI_API_URL="${OMI_API_URL:-https://api.omi.me/v1/dev}"` ... `-H "Authorization: Bearer $OMI_API_TOKEN"` ... `"${API_URL}/$endpoint"`
Change the request URL to use OMI_API_URL, declare any endpoint override explicitly, and validate that authenticated requests only go to the intended Omi.me API host by default.
Depending on the system umask, the saved token file may be readable by other local users or processes with access to your home directory.
The setup script can persist the API token from the environment to ~/.config/omi-me/token, but this branch does not apply chmod 600 after writing the secret.
`if [ -n "$OMI_API_TOKEN" ] && [ ! -f "$TOKEN_FILE" ]; then` ... `echo "$OMI_API_TOKEN" > "$TOKEN_FILE"`
After writing the token file, set restrictive permissions such as chmod 600 on the token file and preferably chmod 700 on the config directory.
If the agent or user runs the wrong command, personal Omi data could be changed or deleted.
The skill exposes deletion and mutation operations for Omi memories, tasks, and conversations. This is disclosed and purpose-aligned, but it is high-impact account mutation capability.
`omi memories delete <id>` ... `omi tasks delete <id>` ... `omi conversations delete <id>`
Use explicit user approval for update/delete actions, verify object IDs before destructive commands, and consider backups or recovery options before broad changes.
Running setup may change which `omi` or `omi-token` command is executed on the machine.
The user-run setup script installs command symlinks into /usr/local/bin when possible. This is a normal CLI setup pattern, but it changes a global PATH location and can overwrite existing symlinks with the same names.
`ln -sf "$SCRIPT_DIR/omi-cli.sh" /usr/local/bin/omi 2>/dev/null || true`
Review the script before running it, avoid running it with unnecessary elevated privileges, and consider installing symlinks in a user-local bin directory instead.
Personal memories, tasks, and conversation data may be exposed to the agent session or changed through the integration.
The skill is designed to read and write persistent personal memory-like data from Omi.me. That is central to the purpose, but it means sensitive personal context can be retrieved, modified, or reused.
sync and manage memories, action items (tasks), and conversations
Only connect an Omi account you intend the agent to access, review sensitive results before sharing them further, and be cautious about creating or syncing private memories.
