Pieces Long-Term Memory (MCP)
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill has a coherent Pieces memory purpose, but it asks users to expose a long-term-memory MCP server over a tunnel and lets the agent read/write persistent memory without clear access controls.
Only install this if you intentionally use PiecesOS long-term memory and understand that exposing the MCP server through a tunnel can make sensitive memory data reachable. Prefer authenticated/private tunnels, keep the URL secret, close the tunnel when finished, and ask the agent to get your approval before searching or creating memories.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or anything that can reach the tunnel URL may be able to interact with the Pieces MCP endpoint, which could expose or alter long-term memory data.
The instructions route a memory-bearing MCP server through a tunnel or proxy. The provided artifacts do not show authentication, allowlisting, or clear origin restrictions for that endpoint.
runs PiecesOS with LTM enabled on another machine and exposes the MCP server via a tunnel (ngrok, custom domain, or any HTTPS proxy)
Use an authenticated or allowlisted tunnel, VPN, or local-only connection where possible; keep the URL private, verify the endpoint, and close the tunnel when not in use.
Private work history or inaccurate stored memories could be pulled into later tasks, and new memories could persist beyond the current conversation.
This shows the agent may retrieve, search, and create persistent external memory and then use it as context. The provided artifact does not show clear limits on what may be stored, retrieved, trusted, or reused.
Use Pieces tools (`ask_pieces_ltm`, `create_pieces_memory`, `*_full_text_search`) in your reasoning.
Require explicit user approval before writing memories, limit retrieval to user-approved topics, treat retrieved memory as untrusted context, and provide a way to review and delete stored memories.
The local machine will contact the supplied endpoint; if the URL is wrong or untrusted, connection metadata may be exposed and the agent may interact with an unintended service.
The skill instructs a network diagnostic call to a user-provided URL. This is expected for MCP setup, but users should verify the URL before allowing the agent to contact it.
Always run this GET request first ... `curl -i "MCP_URL_MCP"`
Only use a tunnel URL you created and trust, and confirm it points to the intended Pieces MCP endpoint before continuing.
Users may need to install or run external tools outside the reviewed skill package.
The skill depends on external tooling, while the supplied package has no code files or install specification to pin or verify those tools.
Bridge: MCPorter + `mcp-remote`
Install MCPorter, mcp-remote, ngrok, and related tools only from official sources, prefer pinned versions, and avoid running unverified setup commands.
