memories.sh CLI
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: memories-cli
Version: 1.0.0

The memories-cli skill bundle provides instructions for an AI agent to manage and synchronize 'memories' and configuration files via the memories.sh service. It includes high-risk capabilities such as 'memories files ingest --global' and 'memories sync', which are designed to read and upload configuration data from sensitive global directories (e.g., ~/.cursor, ~/.claude, ~/.cline) to a remote cloud endpoint. While these features are documented as part of a 'persistent memory layer' for AI agents, the broad ingestion of global configuration files and the installation of git hooks ('memories hook install') for automation present a significant risk of sensitive data exposure and persistence.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent following the workflow could overwrite existing AI assistant configuration files without a review step.
The recommended restore workflow uses force flags for both global and project config restoration. This can overwrite AI-tool configuration files that affect future agent behavior.
```bash
# Machine B: Restore everything
memories files apply --global -f   # Restore global configs
cd my-project
memories files apply --project -f  # Restore project configs
```
Use dry-run or diff/preview modes before applying synced files, back up existing configs, and avoid force flags unless the specific files and impact are understood.
Private agent instructions, project rules, or sensitive configuration content could be synced to the memories.sh cloud and later reused across tools or machines.
The workflow uploads the persistent memory database and broad global/project AI-tool configuration files to cloud sync. The artifacts do not describe exclusions, retention, or safeguards for sensitive instructions or private project data.
```bash
# Machine A: Upload everything
memories login
memories sync                    # Sync memory database
memories files ingest --global   # Upload global configs (~/.claude, ~/.cursor, etc.)
memories files ingest --project  # Upload project configs
```
Review exactly what files will be ingested before syncing, avoid storing secrets in memory/config files, and prefer dry-run or file listing commands before cloud upload.
Running the external CLI gives that package local execution ability under the user's account.
The skill instructs users to install or run an external npm package. This is central to the CLI-reference purpose, but the package implementation is not included in the provided artifacts.
```bash
npm install -g @memories.sh/cli
# or: npx @memories.sh/cli
```
Verify the npm package provenance and version before installing globally or running with npx.
The CLI can use the authenticated cloud account to sync memory and configuration data.
Cloud sync requires authenticating to a memories.sh account. This is expected for sync, but it grants the CLI account-linked authority to sync memories and files.
```markdown
### `memories login`

Authenticate with memories.sh cloud.

**Behavior:** Device code flow — opens browser, polls for auth (5 min timeout).
```
Only log in when cloud sync is needed, use the intended account, and run `memories logout` when finished on shared machines.
Future commits can automatically update agent instruction files, which may surprise users if memories have changed or were imported from untrusted sources.
The git hook is a disclosed persistence mechanism that continues to regenerate AI-tool config files after future commits.
```markdown
## Git Hook Automation

# Install the post-commit hook
memories hook install
...
The hook runs `memories generate` after each commit, keeping AI tool configs in sync with your latest memories.
```
Install the hook only in repositories where automatic config regeneration is desired, and use `memories hook uninstall` if it is no longer needed.
If configured broadly, other local or network clients may be able to interact with the memories MCP server.
The skill documents an MCP server with network/SSE options. The default localhost binding is safer, but changing host or enabling CORS can expose the memory service more broadly.
```markdown
### `memories serve`

Start the MCP server.

**Options:**
- `--sse` — Use HTTP/SSE transport instead of stdio
- `-p, --port <port>` — Port for SSE (default: 3030)
- `--host <host>` — Host to bind (default: 127.0.0.1)
- `--cors` — Enable CORS
```
Keep the server bound to localhost unless remote access is required, and be cautious when enabling CORS or non-local host bindings.
