Mem0 Config

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent setup and troubleshooting guide for a long-term memory plugin, with privacy considerations that are expected for that purpose.

Install this only if you want OpenClaw agents to retain and reuse long-term memories. Review whether to use local open-source mode or Mem0 platform mode, keep the API key in an environment variable, consider disabling autoCapture or autoRecall if you need opt-in memory, avoid storing secrets, and periodically inspect or delete stored memories.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill prominently describes automatic long-term memory capture and recall across agent turns, including storage of user facts and searchable memories, but it does not include a clear privacy warning, consent requirement, retention explanation, or guidance on sensitive data handling. Because this plugin persists user information and exposes tools to search, list, store, and delete memories, users may unknowingly have personal or sensitive data retained and later resurfaced.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal