Memoria
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private details shared in conversation could be saved permanently and later reused by the agent even if the user did not intend them to become memory.
The skill explicitly instructs the agent to persist broad personal and sensitive information without waiting for a user request, creating overbroad long-term memory and reuse risk.
### What to capture (proactively, without being asked) ... Human shares personal info (name, location, health, settings) ... **If in doubt, store it.**
Only use this skill with clear user consent, define what must never be stored, and consider adding confirmation or redaction for sensitive categories such as health, location, credentials, and relationships.
Sensitive memories may be copied from the local vault into Notion without a separate review step for each item.
After Notion is configured, stored memories can be sent to an external provider automatically, which is risky when the same instructions encourage broad proactive memory capture.
This enables **auto-sync**: every `memoria remember` and `memoria store` call will automatically push to Notion after saving locally. No separate sync step needed.
Keep auto-sync disabled unless needed, use a tightly scoped Notion integration/page, and review or filter memories before pushing them to Notion.
The agent may create, update, and sync memory records as part of normal operation even when the user did not specifically ask it to save or upload that information.
The skill directs routine autonomous command execution and syncing, rather than limiting storage and remote sync actions to explicit user requests.
Run at the start and end of every session ... memoria wake ... memoria sleep ... memoria sync --push # always sync after storing
Require explicit confirmation for storing or syncing sensitive memories, and avoid blanket instructions such as always syncing after every store.
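The three recommendations above (define what must never be stored, confirm or redact sensitive categories, and stop syncing every store to Notion) can be implemented as one gate in front of the store and sync paths. The following is an added example, not Memoria's own code; the category patterns, the `policy` shape, the `confirm` callback and the sample memories are assumptions and constructed data for this illustration.

```javascript
// Added example (not Memoria's own code): a gate in front of `memoria remember` /
// `memoria store` and of the Notion push. The category patterns, the `policy`
// shape, the `confirm` callback and the sample memories are assumptions and
// constructed data for this illustration.

// Value-shaped secrets (GitHub, Slack, OpenAI-style prefixes) that must never be
// persisted verbatim, whatever the surrounding words say.
const SECRET_VALUE = /\b(sk|ghp|xox[bap])[-_][A-Za-z0-9_-]{10,}/;

const SENSITIVE_PATTERNS = {
  credentials: [/\b(api[ _-]?key|password|secret|token)\b/i, SECRET_VALUE],
  health: [/\b(diagnos(ed|is)|prescription|medication|therapy|allerg(y|ic))\b/i],
  location: [/\b(home address|lives? at|zip code|postcode)\b/i],
  relationships: [/\bmy (wife|husband|partner|ex|girlfriend|boyfriend|therapist)\b/i],
};

// Returns the sensitive categories a memory text falls into, in policy order.
function classify(text) {
  return Object.entries(SENSITIVE_PATTERNS)
    .filter(([, patterns]) => patterns.some((re) => re.test(text)))
    .map(([category]) => category);
}

// Masks secret-shaped values even when the rest of the memory is kept.
function redact(text) {
  return text.replace(new RegExp(SECRET_VALUE.source, 'g'), '[REDACTED]');
}

// policy.neverStore: categories dropped outright; policy.confirm: categories that
// need an explicit yes from the user. `confirm(question)` returns a boolean; a real
// CLI would back it with an interactive prompt and make this function async.
function gateMemory(memory, policy, confirm) {
  const categories = classify(memory.text);
  const blocked = categories.filter((c) => policy.neverStore.includes(c));
  if (blocked.length > 0) {
    return { action: 'drop', categories, reason: `never-store category: ${blocked.join(', ')}` };
  }
  const toConfirm = categories.filter((c) => policy.confirm.includes(c));
  if (toConfirm.length > 0 && !confirm(`Store a memory containing ${toConfirm.join(', ')} details?`)) {
    return { action: 'drop', categories, reason: 'user declined' };
  }
  return {
    action: 'store',
    categories,
    memory: { ...memory, text: redact(memory.text), sensitive: categories, localOnly: categories.length > 0 },
  };
}

// Replacement for "always sync after storing": with autoSync on, only memories
// that matched no sensitive category are eligible to leave the local vault;
// everything else stays local until the user exports it deliberately.
function selectForSync(vault, policy) {
  if (!policy.autoSync) return [];
  return vault.filter((m) => !m.localOnly);
}

const POLICY = {
  autoSync: true,
  neverStore: ['credentials'],
  confirm: ['health', 'location', 'relationships'],
};

// Constructed sample memories, in the form an over-eager agent might try to store.
const SAMPLE = [
  { id: 1, text: 'Dana prefers dark mode and terse replies' },
  { id: 2, text: 'Dana was diagnosed with asthma last spring' },
  { id: 3, text: 'Dana lives at 12 Elm Road, postcode SW1A 1AA' },
  { id: 4, text: 'Notion token for Dana: ghp_abcdefghijklmnop1234' },
];

// Runs the sample through the gate and the sync filter with the given answerer.
function runDemo(confirm = () => true) {
  const decisions = SAMPLE.map((m) => gateMemory(m, POLICY, confirm));
  const vault = decisions.filter((d) => d.action === 'store').map((d) => d.memory);
  return { decisions, vault, synced: selectForSync(vault, POLICY) };
}

if (typeof require !== 'undefined' && require.main === module) {
  const { decisions, synced } = runDemo();
  for (const d of decisions) console.log(d.action, d.categories, d.reason || '');
  console.log('pushed to Notion:', synced.map((m) => m.id));
}
```

With the user answering yes to every prompt, the preference memory is stored and synced, the health and location memories are stored locally only, and the memory carrying a token is dropped before it reaches the vault. The regexes are deliberately simple; a production gate would pair them with an allowlist of what the agent may capture, since "if in doubt, store it" is exactly the default this reverses.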
Anyone or any process with access to the vault config may be able to use the stored Notion integration token within its Notion permissions.
The Notion integration token is saved into the vault configuration and used for sync; this is purpose-aligned, but it is still a sensitive credential.
config.notion = { token: options.token, rootPageId: options.page }; config.autoSync = true; await writeConfig(config);
Protect the vault directory, use a least-privileged Notion integration shared only with the intended page, and rotate the token if the vault may have been exposed.
Users may need to trust a globally installed npm package without registry-provided source provenance.
The skill documentation includes npm-based CLI installation, but the registry metadata does not provide a source/homepage or formal install spec, so package provenance is less clear.
Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.
Verify the npm package owner and source repository before global installation, and prefer pinned versions or reviewed source.
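The registry metadata gaps listed above can be checked mechanically from the manifest that `npm view <package> --json` prints. The following is an added example, not Memoria's own code; the sample manifests and package name are constructed, `dist.attestations` is, to my understanding of the registry format, where npm records build provenance for attested versions, and the lifecycle-script check is an extra the advisory does not mention.

```javascript
// Added example (not Memoria's own code): provenance triage over the registry
// manifest that `npm view <package> --json` prints, run before a global install.
// The sample manifests and package name are constructed; `dist.attestations` is
// assumed to be the field npm uses for build provenance on attested versions.

function repositoryUrl(repository) {
  if (!repository) return null;
  return typeof repository === 'string' ? repository : repository.url || null;
}

// Returns the findings a reviewer would want before trusting a global install,
// plus the pinned install command for the exact version that was reviewed.
function assessManifest(manifest) {
  const findings = [];
  const repository = repositoryUrl(manifest.repository);
  if (!repository) findings.push('no source repository in registry metadata');
  if (!manifest.homepage) findings.push('no homepage in registry metadata');
  const attestations = manifest.dist && manifest.dist.attestations;
  if (!attestations) findings.push(`${manifest.version}: no build provenance attestation`);
  const maintainers = (manifest.maintainers || []).map((m) => (typeof m === 'string' ? m : m.name));
  if (maintainers.length === 0) findings.push('no maintainers listed');
  const hooks = ['preinstall', 'install', 'postinstall'].filter((h) => manifest.scripts && manifest.scripts[h]);
  if (hooks.length > 0) findings.push(`runs lifecycle scripts on install: ${hooks.join(', ')}`);
  return {
    name: manifest.name,
    version: manifest.version,
    maintainers,
    repository,
    findings,
    clean: findings.length === 0,
    // Pin the reviewed version instead of installing whatever "latest" resolves to.
    installCommand: `npm install -g ${manifest.name}@${manifest.version}`,
  };
}

// Constructed manifest with the gaps the advisory describes: no repository, no
// homepage, no attestation, and a postinstall hook.
const UNATTESTED = {
  name: 'example-memory-cli',
  version: '0.3.1',
  maintainers: [{ name: 'someone', email: 'someone@example.com' }],
  dist: { tarball: 'https://registry.npmjs.org/example-memory-cli/-/example-memory-cli-0.3.1.tgz' },
  scripts: { postinstall: 'node scripts/setup.js' },
};

// Constructed manifest for a version published with repository, homepage and provenance.
const ATTESTED = {
  name: 'example-memory-cli',
  version: '0.4.0',
  repository: { type: 'git', url: 'git+https://github.com/example/example-memory-cli.git' },
  homepage: 'https://github.com/example/example-memory-cli#readme',
  maintainers: [{ name: 'someone' }],
  dist: {
    tarball: 'https://registry.npmjs.org/example-memory-cli/-/example-memory-cli-0.4.0.tgz',
    attestations: {
      url: 'https://registry.npmjs.org/-/npm/v1/attestations/example-memory-cli@0.4.0',
      provenance: { predicateType: 'https://slsa.dev/provenance/v1' },
    },
  },
};

function runDemo() {
  return [UNATTESTED, ATTESTED].map(assessManifest);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const result of runDemo()) console.log(result.version, result.clean ? 'clean' : result.findings);
}
```

A manifest that comes back clean still only proves the package was built from the named repository; reading the tarball (`npm pack example-memory-cli@0.4.0` unpacks to a reviewable directory) is what tells you whether the CLI does more than the SKILL.md says.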
