MemoryLayer

This skill is a straightforward client for a remote MemoryLayer service and mostly does what it says, but there are a few things to check before installing: - Credential mismatch: The package registry metadata says no env vars are required, but both SKILL.md and the code expect either MEMORYLAYER_API_KEY or MEMORYLAYER_EMAIL and MEMORYLAYER_PASSWORD. Confirm which credentials are required and where they'll be stored. - Remote data flow: Using the skill will send stored memories (the content you pass to remember()) to https://memorylayer.clawbot.hk. Do not send secrets, private keys, or highly sensitive personal data unless you have reviewed the service's privacy/security policy and trust the operator. - Prefer API key: Use an API key with least privilege over an account email/password where possible. Avoid putting credentials in source files; use environment variables or secret management. - Verify publisher and code: The repo URL and homepage are present — inspect the upstream GitHub repo, check commit history, and verify the domain TLS cert and privacy policies. If you need higher assurance, run the package in an isolated environment first or prefer the advertised self-hosted Enterprise option. - Ask for clarification: If you plan to install this into a production or highly-privileged agent, ask the publisher to correct the registry metadata to declare required env vars and to provide an audited package release. Given the metadata inconsistency but otherwise coherent behavior, treat the skill as potentially useful but verify credentials handling and trust of the remote service before use.