Clude Memory MCP
WarnAudited by ClawScan on May 10, 2026.
Overview
This is not clearly malicious, but it asks for powerful Supabase access and creates persistent memories with external Claude/Solana data flows that are not tightly scoped.
Install only in a sandbox with a dedicated Supabase project and disposable keys. Review and pin the clude-bot package source first, avoid storing secrets, confirm whether Solana commitments can be disabled, and understand that ask_clude may send context to Claude and incur cost.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with a real Supabase project, the skill or installed package could have more database authority than the user expects.
A Supabase service key is a privileged server-side credential, and the artifacts do not limit it to a dedicated project, specific tables, or least-privilege operations.
Set `SUPABASE_URL` and `SUPABASE_SERVICE_KEY` environment variables.
Use only a fresh dedicated Supabase project or a least-privilege backend token; do not provide a production service key, and rotate any key used for testing.
Incorrect, private, or maliciously framed memories could be retained and influence future agent behavior or be recalled in later sessions.
The skill stores long-lived behavior and identity memories, but the artifacts do not describe review, deletion, ownership isolation, or protections against false/injected memories being reused later.
Memories persist across conversations... `procedural` (behaviors), `self_model` (identity)
Do not store secrets; require user review for important memories; add delete/export controls, per-user isolation, and clear rules that recalled memory is untrusted context.
Even hashed memory commitments can create irreversible public metadata, possible fees, and privacy risk if sensitive content is guessable.
Stored memories are described as being committed to a public blockchain, but the store_memory interface does not show a per-memory confirmation or opt-out.
On-chain commitment: SHA-256 hashed memories committed to Solana via memo transactions
Make blockchain commitment explicitly opt-in, show the destination/network and cost before use, and avoid committing hashes of sensitive memories.
Users cannot verify from these artifacts exactly how the package uses the Supabase service key, Claude API, or Solana commitments.
The provided manifest does not include these core implementation modules, while SKILL.md tells users to install an npm package; the credential-handling and external-call code is therefore not fully covered by the provided artifacts.
import { recallMemories, storeMemory, getMemoryStats, type MemoryType } from '../core/memory'; ... import { generateResponse } from '../core/claude-client';Review and pin the npm package source before installation, prefer a locked version, and test only with disposable credentials.
Questions or context supplied to this tool may leave the local agent environment and incur provider costs.
The tool openly sends a question and optional context to an external Claude API call; this is purpose-aligned but important for users to notice.
'Ask Clude a question and get an in-character response. This calls the Claude API (~$0.03 per call).'
Avoid sending secrets or sensitive recalled memories to ask_clude unless you trust the configured Claude API path and accept the cost.