Skill v1.0.7
ClawScan security
Memori · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 5:22 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (long-term memory via Memori) but it will automatically send entire conversation turns to a third-party backend and requires an API key that may be persisted in your config — review vendor trust and data exposure before installing.
- Guidance: This skill appears to be what it says: a Memori-backed automatic memory plugin. Before installing:
  - Confirm the plugin/package source (npm and GitHub links) match an official MemoriLabs release and check maintainers. If the package is not from the vendor, do not install.
  - Understand that every conversation turn may be sent to memorilabs.ai by default. Avoid sharing passwords, API keys, or other secrets in chats while the plugin is enabled.
  - Be careful how you store the MEMORI_API_KEY: putting it into ~/.openclaw/openclaw.json may persist it in plaintext. Prefer environment-only injection or a secrets manager if available, and rotate the key if exposed.
  - Review Memori's privacy policy and data retention controls; verify how to delete or limit stored memories and how 'privacy filtering' is implemented.
  - If you need tighter control, do not enable the plugin globally; consider using it only in controlled contexts or creating a restricted service account/key with limited scope.

  If you want higher assurance, ask the publisher for a signed release, verify the npm/GitHub package contents, and audit the installed plugin code before enabling it in production.
Review Dimensions
- Purpose & Capability (ok): The name/description map to the declared requirements: the skill needs a Memori API key, an entity ID, and a 'memori' CLI binary, all of which are reasonable for a plugin that integrates with the Memori service and shows 'memori quota' examples. The SKILL.md consistently describes using OpenClaw lifecycle hooks to inject and store memories, so the required pieces align with the stated purpose.
- Instruction Scope (concern): The runtime instructions explicitly state that every conversation turn (user + assistant) is captured and sent to https://api.memorilabs.ai automatically via lifecycle hooks, with 'zero commands' required. That behavior is consistent with a memory plugin, but it means all conversation content (potentially including secrets) is transmitted to a third party by default. The SKILL.md also instructs storing the apiKey in openclaw.json and shows commands that could expose the key if mishandled (e.g., echo $MEMORI_API_KEY).
- Install Mechanism (note): This is an instruction-only skill with no install spec in the registry; the documentation tells you to install a plugin package (openclaw plugins install @memorilabs/openclaw-memori) and references an npm package and GitHub repo. That lowers registry-level risk (no hidden downloads), but the skill depends on external installation of the plugin and the 'memori' CLI, which the registry does not manage or verify.
- Credentials (note): Only MEMORI_API_KEY and ENTITY_ID are required, which is proportional for a third-party memory service. However, the recommended configuration writes the apiKey into ~/.openclaw/openclaw.json (via config with ${MEMORI_API_KEY}), which may persist the secret in plaintext and increase exposure risk. The SKILL.md's claim that the backend filters secrets is a vendor assertion and should not be treated as guaranteed protection.
- Persistence & Privilege (note): The skill does not request always:true and uses normal autonomous invocation (disable-model-invocation:false). However, once installed and enabled in openclaw.json, the plugin runs automatically via lifecycle hooks and will persistently send conversation data to the Memori backend. That persistent, automatic behavior, combined with network transmission of conversation data, is the main operational privilege to consider.
