Agent Memory Store
Security checks across malware telemetry and agentic risk
Overview
This is a real shared memory server, but it exposes persistent agent memories over an unauthenticated network port and may send memory text to OpenAI if an API key is present.
Install only if you are comfortable running an unauthenticated local memory service. Keep it firewalled or localhost-only, avoid storing secrets, disable or explicitly configure OpenAI embeddings, and periodically review or delete the SQLite memory database.
VirusTotal
64/64 vendors reported this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any process or network peer that can reach port 8768 could read, add, or delete stored memories.
The memory API listens on all network interfaces, and the handlers implement listing, storing, and deleting memories without any authentication or approval check.
HTTPServer(("0.0.0.0", PORT), Handler).serve_forever()
Bind to localhost by default, require an access token, enforce owner checks for reads/deletes, and document the exposure clearly.
False or malicious memories could persist across sessions and influence future agent behavior, while private memories may be retrievable outside the intended agent context.
The skill is explicitly designed to persist and share memory across agents; combined with the unauthenticated API, untrusted entries can be stored and reused later.
Shared semantic memory store for AI agents. Store, search, and retrieve memories across agents with TTL decay. SQLite persistence — survives restarts.
Add authentication, provenance tracking, per-agent namespaces, default-private access controls, memory review/deletion controls, and clear retention rules.
Sensitive memory text or queries may leave the local environment and be processed by OpenAI without the user realizing this skill will do so.
When OPENAI_API_KEY exists, memory content and search queries are sent to OpenAI for embeddings, but this provider data flow is not disclosed in SKILL.md or the registry credential declarations.
payload = json.dumps({"input": text[:2000], "model": "text-embedding-3-small"}).encode(); req = urllib.request.Request("https://api.openai.com/v1/embeddings", data=payload, headers={"Authorization": f"Bearer {OPENAI_KEY}"})
Require explicit opt-in for remote embeddings, disclose the OpenAI data flow, and provide a local-only mode that is the safe default.
The skill could consume the user's OpenAI account quota and use a credential the user did not intentionally grant to this memory server.
The code uses an existing OpenAI API key if it is present, while the supplied metadata states there are no required environment variables and no primary credential.
OPENAI_KEY = os.getenv("OPENAI_API_KEY", "")
Declare OPENAI_API_KEY as an optional credential, require explicit configuration before use, and show when remote embeddings are enabled.
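The recommendations above (localhost binding, bearer token, owner checks, opt-in remote embeddings) sketched as a hardened server skeleton. This is an added example, not the skill's own code; the MEMORY_BIND_HOST, MEMORY_ACCESS_TOKEN, MEMORY_REMOTE_EMBEDDINGS and X-Agent-Id names are assumptions, and the stored owner "agent-a" is a constructed stand-in for a SQLite row.

```python
import hmac
import os
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

PORT = 8768
BIND_HOST = os.getenv("MEMORY_BIND_HOST", "127.0.0.1")   # localhost by default (assumed name)
ACCESS_TOKEN = os.getenv("MEMORY_ACCESS_TOKEN") or secrets.token_urlsafe(32)  # assumed name


def authorized(headers) -> bool:
    """Accept only 'Authorization: Bearer <token>' matching ACCESS_TOKEN,
    compared in constant time so a wrong token leaks no timing signal."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return False
    return hmac.compare_digest(token.encode(), ACCESS_TOKEN.encode())


def owner_allows(entry_owner: str, caller: str) -> bool:
    """Default-private: a memory is readable/deletable only by the agent
    that stored it (caller identity assumed to arrive in X-Agent-Id)."""
    return bool(caller) and entry_owner == caller


def remote_embeddings_enabled(env) -> bool:
    """Opt-in only: an OPENAI_API_KEY in the environment is not enough,
    the operator must also set MEMORY_REMOTE_EMBEDDINGS=1 (assumed name)."""
    return env.get("MEMORY_REMOTE_EMBEDDINGS") == "1" and bool(env.get("OPENAI_API_KEY"))


class Handler(BaseHTTPRequestHandler):
    def _reply(self, code: int, body: bytes = b"") -> None:
        self.send_response(code)
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        if not authorized(self.headers):
            return self._reply(401)
        self._reply(200, b'{"memories": []}')  # real listing would query SQLite here

    def do_DELETE(self):
        if not authorized(self.headers):
            return self._reply(401)
        caller = self.headers.get("X-Agent-Id", "")
        # "agent-a" stands in for the owner column of the stored row (constructed)
        if not owner_allows("agent-a", caller):
            return self._reply(403)
        self._reply(204)


if __name__ == "__main__":
    HTTPServer((BIND_HOST, PORT), Handler).serve_forever()
```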
