Memories Api
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: memories-api
Version: 1.0.1

The skill is classified as suspicious primarily due to a hardcoded API key found in `scripts/memories_api.py` (sk-mavi-mjLNMGVXHt52ZPvEIkx5QrsQEv6Z52GjvXa0MISOgAP5ckMGBzybxfMH9B-1tvUNFhbmDlI8juoFtJjoQJQMhwno9qDBidAblsfJMwL1NTiAqtSYgXnZKrD-uWxHFWkZ). This is a significant vulnerability as it exposes a credential that could be misused. Additionally, the skill's SDK (`scripts/memories_sdk.py`) exposes file I/O capabilities (`upload_video`, `download_video`) and allows specifying a `callback_url` for async operations, which could be exploited via prompt injection to exfiltrate local files or redirect sensitive API results to an attacker-controlled server. While these capabilities are part of the stated functionality, their potential for misuse without clear malicious intent in the skill's code itself warrants a 'suspicious' classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Requests may run under an unknown account, which can expose submitted video URLs/prompts/results through that account, cause unexpected billing or quota use, and leak the embedded credential itself.
The helper silently falls back to an embedded Memories.ai API key instead of requiring the user-declared MEMORIES_API_KEY.
    import os

    def get_api_key():  # wrapper name assumed; the report quotes only the function body
        if os.environ.get("MEMORIES_API_KEY"):
            return os.environ["MEMORIES_API_KEY"]
        # Default key from TOOLS.md (the embedded fallback the finding is about)
        return "sk-mavi-mjLNMGVX..."

Remove the hardcoded key, rotate it if it is real, require the user to supply MEMORIES_API_KEY explicitly, and declare the credential as the primary credential.
Transcript or video-analysis results for submitted videos could be delivered to a demo endpoint the user does not control.
Async MAI transcript jobs use a demo webhook automatically when the caller does not provide a callback URL.
    DEFAULT_WEBHOOK = "https://demo.memories-ai.org/webhooks/memories/callback"
    ...
    data["callback_url"] = callback_url or DEFAULT_WEBHOOK
Do not use a default external webhook for user data. Require an explicit callback URL, clearly document who controls it and how results are stored, or default to polling instead.
If invoked with the wrong path or asset ID, the agent could upload a private video, write a downloaded file to an unintended location, or delete a Memories.ai asset.
The skill documents file upload/download and asset deletion operations, which are expected for a video operations API but can affect local files or remote assets.
    # Upload local video
    asset_url = client.upload_video("/path/to/video.mp4")
    # Download video
    client.download_video(video_url, "/path/to/save.mp4")
    # Delete asset
    client.delete_asset(asset_id)

Use these operations only with explicit user-selected files and asset IDs, and confirm destructive actions such as deletion.
