Memi
ReviewAudited by ClawScan on May 10, 2026.
Overview
Memi is purpose-aligned as a personal CRM, but it stores sensitive relationship memory and can use Google Gmail/Calendar/Contacts OAuth access without clearly bounded scope.
Install only if you are comfortable with a persistent local relationship database. If you use Google integration, first review gog’s OAuth scopes and require explicit approval before letting the agent scan Gmail, Calendar, or Contacts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the skill may be able to read very sensitive Google account data, including email, calendar events, and contacts, with unclear boundaries.
This shows the skill can use delegated Google account access for Gmail, Calendar, and Contacts. The artifacts do not specify OAuth scopes, approval prompts, read limits, or exact outputs, while the metadata lists no primary credential.
- `gog` (optional) — Google Calendar, Gmail, and Contacts integration ... Google integration (via gog) uses your own OAuth credentials.
Before using Google integration, verify the gog OAuth scopes, use the least-privileged account possible, and require explicit approval before scanning Gmail, Calendar, or Contacts.
Sensitive social and personal details may persist across sessions and be reused in future interactions.
The skill creates durable local memory containing relationship details, preferences, promises, and interaction history.
Store everything in a SQLite database at `~/.local/share/memi-ri/memi.db`... contacts ... contact_preferences ... commitments ... interactions
Treat the database as sensitive, back it up or delete it intentionally, and avoid adding information you do not want retained.
A compromised or untrusted gog binary could affect the safety of Google account access.
The skill is instruction-only and relies on external binaries already present on the machine, including gog for Google integration, but the artifacts do not provide a trusted source or provenance for gog.
Source: unknown; Homepage: none; Required binaries (all must exist): sqlite3; Required binaries (at least one): gog
Install gog only from a trusted source and confirm which executable is on your PATH before enabling Google features.