ClawHub

Smara Memory

v1.0.0

Persistent memory for AI agents — store, search, and recall user context via the Smara Memory API

0· 76·0 current·0 all-time
by@parallelromb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, examples, and requested env var (SMARA_API_KEY) all match a memory/storage service. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md only instructs the agent to call Smara API endpoints (store, search, get context, delete) and to extract facts from conversations. This is within scope, but the instructions imply storing user facts which can include sensitive personal data—understand privacy/retention implications before enabling automatic storage.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing will be written to disk by an installer. This is the lowest-risk install model.
Credentials
Only a single API key (SMARA_API_KEY) is required and is the declared primary credential. This is proportionate to a remote memory service.
Persistence & Privilege
always is false and the skill is user-invocable; model invocation is allowed (default). Autonomous use plus persistent memory is expected for this skill but increases the impact if the external service or key is compromised—consider limiting scope and monitoring usage.
Assessment
This skill is coherent for storing and recalling conversation memory, but before installing: (1) Verify Smara (https://smara.io) and read their privacy/retention/security docs; (2) Use a scoped API key and rotate/revoke it if needed; (3) Avoid automatically storing highly sensitive PII (SSNs, full credit card numbers, medical records); (4) Decide whether the agent may auto-store facts or should require user consent for persistent storage; (5) Monitor API usage and logs for unexpected activity. If you need stronger guarantees, ask the provider about encryption-at-rest, data deletion policies, and whether you can redact or hash identifiers before sending.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d0ggg4dqk445yp1101xnp6983xymq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvSMARA_API_KEY
Primary envSMARA_API_KEY

Comments