Agentmemo
ReviewAudited by ClawScan on May 1, 2026.
Overview
AgentMemo is a clearly disclosed cloud memory and approval integration, but it will send and persist agent memories and approval context in AgentMemo’s service and may use an npm MCP server.
Install this only if you are comfortable using AgentMemo as a cloud memory and approval service. Avoid storing secrets or highly sensitive personal/business data unless your policies allow it, protect the AGENTMEMO_API_KEY, and review or delete stored memories when they are no longer needed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information saved as memory may affect future agent behavior, and sensitive or inaccurate memories could be reused later.
The skill intentionally creates persistent cloud memory that can be recalled across sessions and models.
Your agent's memory content is sent to and stored on AgentMemo's servers.
Only store information you are comfortable keeping in AgentMemo; avoid secrets, review/delete memories periodically, and consider requiring user confirmation before saving sensitive context.
The API key authorizes access to the user’s AgentMemo account features and should be treated as sensitive.
The skill uses an account API key for the AgentMemo service; this is expected for the integration but is still a credential boundary.
Requires: A free API key from [agentmemo.net](https://agentmemo.net) — set as `AGENTMEMO_API_KEY` in your OpenClaw environment
Store the key only in the intended environment configuration, avoid pasting it into chats or files, and rotate it if it may have been exposed.
Using the MCP option means local execution of the npm package that provides the AgentMemo tools.
The skill can install and run an external npm MCP server package; this is aligned with the MCP purpose but depends on package provenance.
node | package: agentmemo-mcp | creates binaries: agentmemo-mcp
Install the MCP package only from the expected source, pin or verify the package version where possible, and skip the MCP install if using only the REST/API instructions.
Sensitive details included in approval requests may be transmitted to the AgentMemo service as part of the intended approval workflow.
Approval requests send action descriptions and context through AgentMemo’s cloud approval gateway.
curl -X POST https://api.agentmemo.net/approve ... -d '{"action": "Send email to client@example.com", "context": "Draft is ready for review"}'Keep approval prompts concise, avoid including unnecessary secrets or private data, and ensure the human approver channel is appropriate for the action being reviewed.