ClawHub

MemoryLayer

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence
ASI03: Identity and Privilege Abuse
What this means

The skill can access the user's MemoryLayer account and the memories stored there using the configured credentials.

Why it was flagged

The client uses MemoryLayer account credentials or an API key and submits email/password to the configured API login endpoint. This is aligned with the service, but it gives the skill delegated account access.

Skill content
this.email = options.email || process.env.MEMORYLAYER_EMAIL; ... this.apiKey = options.apiKey || process.env.MEMORYLAYER_API_KEY; ... await axios.post(`${this.apiUrl}/auth/login`, { email: this.email, password: this.password });
Recommendation

Prefer an API key if available, rotate it if exposed, and verify MEMORYLAYER_URL points only to the intended MemoryLayer or trusted self-hosted endpoint.

NoteHigh Confidence
ASI06: Memory and Context Poisoning
What this means

Sensitive, incorrect, or maliciously influenced memories could persist and be reused in later prompts.

Why it was flagged

Arbitrary memory content is persisted to the remote API and later returned as formatted prompt context, so stored memories can influence future agent behavior.

Skill content
await axios.post(`${this.apiUrl}/memories`, { content, ... }); ... lines.push(`- ${result.memory.content} (relevance: ${result.relevance_score.toFixed(2)})`);
Recommendation

Avoid storing secrets or highly sensitive details, periodically review/delete stored memories if the service supports it, and have agents treat retrieved memories as context rather than authoritative instructions.

Findings (3)

critical

suspicious.env_credential_access

Location
index.js:5
Finding
Environment variable access combined with network send.
critical

suspicious.env_credential_access

Location
python/memorylayer_skill.py:46
Finding
Python code POSTs credential environment variables to an environment-controlled URL.
critical

suspicious.exposed_secret_literal

Location
index.js:7
Finding
File appears to expose a hardcoded API secret or token.