AgentMem

Key things to consider before installing: - Privacy risk: The skill's core behavior is to send and retrieve agent context to a third-party (api.agentmem.io). By default examples show storing data without an API key and publishable 'public' memories. Do NOT store secrets, passwords, PII, or other sensitive context unless you fully trust the service and its retention policy. - Billing risk: Writes are free but reads are billable. SKILL.md suggests agents should auto-check /v1/bootstrap on session start. If your agent invokes the skill autonomously, it may perform reads frequently and incur charges (or exhaust free calls). Only provide an API key if you understand the cost model and usage patterns. - Provenance: There is no homepage or source repository listed and the owner is an opaque ID. Consider verifying the service (agentmem.io) independently, checking its privacy/security policy, and ensuring the domain is legitimate before sending any real data. - Operational mismatch: demo.sh uses jq but the skill metadata lists no required binaries. If you run the demo locally, ensure jq is installed, and review demo.sh to understand what it sends to the service (it uses a public/demo token). - Safer alternatives: If you need persistent memory but worry about privacy, prefer a self-hosted store or a memory provider from a vendor you control. If you still want to try this skill, restrict the data sent (use synthetic/test data), monitor network calls and billing, and avoid enabling automatic/unbounded sync of agent context. If you want, I can: (1) extract every curl command the skill will run and highlight which leak agent-local data, (2) draft a safe SKILL.md variant that warns about sensitive data and disables automatic bootstrap, or (3) suggest alternative self-hosted memory designs.