Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
mem0 Local Memory
v1.2.0
Local long-term memory plugin for OpenClaw using mem0 + ChromaDB. Gives all agents persistent cross-session semantic memory with auto-recall and auto-capture...
⭐ 1 · 85 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious · medium confidence

Purpose & Capability
The declared purpose (local mem0 memory using DeepSeek for LLM extraction, DashScope for embeddings, and ChromaDB for storage) matches the instructions and included scripts. However, the registry metadata lists no required environment variables or primary credential, while the SKILL.md explicitly requires DeepSeek and DashScope API keys: a mismatch between the metadata and the actual runtime requirements.
Instruction Scope
Runtime instructions and the import script read MEMORY.md and TOOLS.md from multiple ~/.openclaw/workspace-* directories and POST the parsed text to the mem0 server (which in turn calls the third-party DeepSeek/DashScope APIs). This is in scope for 'import memories' but is high-risk from a privacy standpoint: it aggregates data across agent workspaces, unifies user_id to 'openclaw' (removing per-agent isolation), and sends text snippets to external APIs. SKILL.md warns the user, but the script imports everything by default unless it is manually edited.
Install Mechanism
There is no platform install spec (instruction-only), which keeps risk lower. The included setup.sh creates a Python venv and runs pip install -r requirements.txt. The requirements.txt file is not present in the provided package snapshot (an inconsistency), so installation will pull packages from PyPI (mem0ai, chromadb, flask, and openai are mentioned). This is expected, but it grants network access and executes third-party code.
Credentials
The skill legitimately needs DeepSeek and DashScope API keys for its stated LLM/embedding tasks, and the SKILL.md asks the user to set MEM0_LLM_API_KEY and MEM0_EMBEDDER_API_KEY. However, the registry metadata does not declare these env vars (metadata mismatch). The instructions also show placing keys directly into systemd/launchd service files (plaintext in the unit file or plist), which can expose secrets if those files are readable by other users. The import script uses the MEM0_URL env var (default 127.0.0.1); if that value is altered, memories would be POSTed to a remote endpoint instead.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it suggests installing a long-running mem0 server via launchd or systemd, which is expected for a local memory service. That does require storing API keys or environment variables in persistent service configuration (a systemd unit or launchd plist), which increases exposure if the service files are misconfigured or world-readable. Autonomous invocation is allowed by default (normal for skills) and is not by itself a sufficient concern.
What to consider before installing
Before installing:
(1) Understand the data flow: the import script will read MEMORY.md and TOOLS.md from multiple ~/.openclaw/workspace-* directories and POST snippets to the local mem0 server; that server will send text to DeepSeek and DashScope (third-party services). Review those workspace files and remove any secrets or sensitive content first.
(2) Metadata mismatch: the registry claims no required env vars, but SKILL.md requires MEM0_LLM_API_KEY and MEM0_EMBEDDER_API_KEY; expect to provide those.
(3) Avoid placing API keys in world-readable systemd/plist files; limit file permissions or use a secure secret mechanism.
(4) Confirm requirements.txt in the upstream repo before running setup.sh; consider running setup inside an isolated VM/container first.
(5) If you need stricter privacy, consider replacing the third-party embedder/LLM with a local-only option, or ensure you trust DeepSeek/DashScope's data handling policy.
(6) If you proceed, run the import script only after auditing, and optionally edit the WORKSPACES dict to import selectively rather than everything.

Like a lobster shell, security has layers: review code before you run it.
latest · vk9799jhhbk53qvvgb23yg2cwtx8402mw
