Pieces Long-Term Memory (MCP)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is coherent for connecting OpenClaw to Pieces memory, but it asks users to expose a long-term-memory MCP server over a tunnel and lets the agent read/write memory without clear access-control or retention boundaries.

Install only if you intentionally want OpenClaw to access Pieces Long-Term Memory. Prefer an authenticated/private tunnel, verify the MCP URL, close the tunnel when done, and explicitly control what the agent is allowed to search or store in memory.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

If the tunnel or URL is mishandled, a sensitive memory service may be reachable by unintended parties or by an untrusted MCP endpoint.

Why it was flagged

The skill instructs the user to expose the PiecesOS MCP server through a public or custom HTTPS tunnel. The provided artifact shows a reachability check but no authentication, identity verification, or access-control requirements for the tunneled MCP endpoint.

Skill content

A tunnel is available to expose the MCP server. Options include: ... `ngrok http 39300` ... Any HTTPS proxy that forwards to `localhost:39300`

Recommendation

Use a private or authenticated tunnel, restrict access to the MCP endpoint, verify the URL and server identity before connecting, do not share the tunnel URL, and close the tunnel when finished.

ASI06: Memory and Context Poisoning
Medium
What this means

Private or stale information in long-term memory could influence future answers, and sensitive data could be stored persistently if the agent creates memories too broadly.

Why it was flagged

The skill gives the agent access to retrieve from and write to persistent external memory, and tells it to use those tools during reasoning. The provided artifact does not show clear limits for what is searched or stored, retention, deletion, or confirmation before creating memories.

Skill content

use Pieces as external long-term memory ... Use Pieces tools (`ask_pieces_ltm`, `create_pieces_memory`, `*_full_text_search`) in your reasoning

Recommendation

Require explicit user approval before creating new memories, avoid storing secrets, limit searches to the current task, and review Pieces memory retention and deletion controls.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users may need to install or configure external tools outside the registry’s reviewed install flow.

Why it was flagged

The skill relies on external helper tooling, while the supplied registry metadata says there is no install spec and no required binaries. This is not inherently unsafe, but it leaves tool provenance and versioning to the user.

Skill content

Bridge: MCPorter + `mcp-remote` ... `mcp-remote` connects to the remote `/mcp` endpoint and exposes it to OpenClaw.

Recommendation

Install MCPorter, mcp-remote, ngrok, and related tools only from trusted sources, prefer pinned versions, and document these dependencies in the skill metadata.