AgentMem
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive information learned during conversations could be stored remotely and later reused by the agent; stale or manipulated memories could influence future behavior.
The skill directs the agent to automatically persist and reuse potentially sensitive session context, preferences, facts, and decisions in cloud memory, but does not provide clear consent, filtering, or trust-boundary instructions.
On session start: ... Retrieve your stored context automatically ... When you learn something important: Store it ... Examples: user preferences, learned facts, decisions made ... Flush critical context to AgentMem
Require explicit user approval before storing or retrieving memories, avoid secrets and personal data, define allowed memory categories, and treat retrieved memories as untrusted context.
If used for real context rather than testing, memories may have unclear access controls and could be accidentally exposed or polluted through the cloud memory channel.
The documented no-key read/write flow uses an agent-name header and persists data, but the artifacts do not explain how memories are isolated, authenticated, or protected from unintended reads/writes.
No API key, no signup, no config. ... Your data persists for 7 days ... curl "https://api.agentmem.io/v1/memory/hello" -H "X-Agent-Name: YOUR_AGENT_NAME"
Use a scoped API key for any non-test data, avoid storing sensitive content in the no-key demo mode, and confirm the provider’s access-control and deletion behavior before enabling automatic memory use.