Memos

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill’s behavior matches its memo-management purpose, but it requires a Memos access token and an external npx MCP server that can read, change, and delete memos.

This skill appears coherent and purpose-aligned. Before installing, make sure you trust the openclaw-memos-mcp package, use a limited Memos token if possible, keep memo creation private unless you explicitly want public memos, and carefully confirm any delete requests.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The user must trust the external MCP server package before giving it access to their Memos instance.

Why it was flagged

The skill relies on an external MCP package launched via npx, and the artifact does not pin a version or provide package provenance.

Skill content

"command": "npx", "args": ["openclaw-memos-mcp"]

Recommendation

Verify the MCP package source, consider pinning a known version, and only configure it if you trust it.

What this means

Anyone or anything with this token may be able to access or modify memos allowed by that token.

Why it was flagged

The skill requires a Memos access token, which is expected for this integration but grants delegated authority over the user’s Memos data.

Skill content

"MEMOS_TOKEN": "<your-access-token>"

Recommendation

Use the least-privileged token available, store it carefully, and revoke it if the MCP server is no longer needed.

What this means

A mistaken or misunderstood delete request could permanently remove memo data.

Why it was flagged

The skill can perform irreversible deletion, but it discloses the impact and requires user confirmation.

Skill content

Call `memos_delete` with the memo ID. **This is irreversible.** Always confirm with the user before deleting.

Recommendation

Review memo IDs and content carefully before approving deletes, and maintain backups if the Memos instance supports them.

What this means

The MCP server process can see memo content, search results, and the configured access token while performing the requested operations.

Why it was flagged

All memo content and operations are routed through the configured MCP server, making that server a sensitive data boundary.

Skill content

Uses openclaw-memos-mcp for all operations.

Recommendation

Only use a trusted MCP server and avoid routing highly sensitive memo content through untrusted integrations.