Evermemos
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate EverMemOS memory integration, but it tells the agent to automatically save conversation details into long-term memory without clear consent, retention, or deletion controls.
Install this only if you intentionally want persistent AI memory. Before using it, decide where the EverMemOS server runs, what conversations may be stored, who can access the memory database, how memories can be deleted, and whether the agent must ask before saving personal information.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Conversation details and personal preferences may be saved persistently and later influence the agent, even when the user did not explicitly ask to store them.
This instructs automatic long-term storage of conversation-derived information, including user information and preferences, without documented consent, retention, deletion, or reuse boundaries.
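Automatically store memories at the following moments: 1. Conversation end - extract key points; 2. User self-introduction - store user information; 3. Task completion - record what was completed; 4. User preference expression - remember preference settings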
Use only if you want persistent memory. Add explicit user confirmation for memory writes, provide delete/export controls, limit what can be stored, and separate trusted user preferences from untrusted conversation text.
The agent can add, retrieve, and potentially rely on stored memories in the configured EverMemOS service.
The skill documents API calls that write user conversation content into the configured memory service. This is expected for a memory skill, but it mutates a persistent store.
curl -X POST ${EVERMEMOS_URL}/api/v1/memories ... "content": "用户今天学习了AI部署"
Confirm the EverMemOS server destination before use and require user approval for writes that contain sensitive or personal information.
A memory-service API key could grant access to stored memories if it is over-scoped or exposed.
The skill may require an API key for the memory service, while the registry metadata declares no required env vars or primary credential. This is purpose-aligned but under-declared.
`EVERMEMOS_API_KEY` - API Key (if needed)
Use a least-privilege API key, keep it out of chat content, and ensure registry metadata accurately declares required credentials.
Installing the external server may run third-party services or containers on the user’s machine.
The skill directs users to deploy an external EverMemOS server with Docker Compose. That external code and container configuration are not included in the reviewed artifact.
Refer to the official documentation: https://github.com/evermemos/EverMemOS ... docker-compose up -d
Review the EverMemOS repository and Docker Compose file, pin trusted versions, and run the service with minimal privileges.
