memic
ReviewAudited by ClawScan on May 1, 2026.
Overview
Memic appears to be a coherent SDK guide for uploading and searching documents or databases, but users should remember it sends data to a managed service using an API key.
This skill looks coherent for integrating Memic. Before installing, verify the `memic` package source, use a scoped API key, upload only documents you intend to store in Memic, review database connector permissions if used, and be careful when injecting retrieved content into LLM prompts.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the wrong or compromised package could affect the local Python environment.
The skill instructs installation of the Memic Python package without a pinned version or lockfile. This is normal for an SDK quick start, but package provenance still matters.
pip install memic
Install from the expected package registry, verify the package name and publisher, and pin versions in production projects.
Anyone or any agent using the key may access the Memic resources allowed by that key.
The API key gives the SDK delegated access to Memic organization, project, and environment context. That access is expected for the integration, but it is still account-scoped authority.
Your API key auto-resolves all context (org, project, environment) — no IDs needed in API calls.
Use a least-privilege Memic API key, store it securely, rotate it if exposed, and avoid sharing it across unrelated projects.
Private documents uploaded to Memic may be indexed and retrieved later as context for model responses.
Uploaded documents are transformed into persistent searchable context. This is central to Memic's purpose, but it can involve private documents and later reuse in LLM prompts.
Memic handles the entire pipeline — document ingestion, chunking, embedding, vector storage — and gives you a single search API that returns only the relevant pieces.
Upload only intended documents, review Memic retention/deletion controls, and consider excluding secrets, credentials, or highly sensitive personal data.
A developer may copy an example that depends on an internal API surface and sends questions to Memic's chat endpoint.
The example uses a lower-level private SDK request helper for a chat endpoint rather than a typed public method. The action is purpose-aligned, but endpoint behavior is less self-documenting.
response = client._request(
"POST", "/sdk/chat",
json={"question": "Summarize the Q4 results", "top_k": 5}
)Prefer documented SDK methods when available and confirm what data the chat endpoint sends, stores, and returns.