ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mem0 1.0.0

Intelligent memory layer for Clawdbot using Mem0. Provides semantic search and automatic storage of user preferences, patterns, and context across conversati...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 246 · 2 current installs · 2 all-time installs
by@Sieyer
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name, description, and code consistently implement a local memory layer (uses mem0ai, local vector store, OpenAI embedder/LLM). However registry metadata claims no required environment variables while SKILL.md and scripts expect OPENAI_API_KEY. That metadata omission is an incoherence that affects whether the skill can run and what secrets it needs.
Instruction Scope
SKILL.md and the scripts limit activity to semantic search, add/list/delete operations, and local storage under ~/.mem0. The code does not attempt to read arbitrary system files or contact unexpected endpoints (it uses the mem0ai client which, per config, will call OpenAI). It documents what to store and not store. This is within the stated memory-purpose scope.
!
Install Mechanism
There is no install spec even though package.json, package-lock.json, and Node scripts are included. That means the skill either expects the environment to already have Node deps (mem0ai) installed or will fail. The package-lock references many transitive packages (normal for npm), but absence of an install instruction is a usability/security gap that could cause unexpected behavior.
!
Credentials
The skill actually reads process.env.OPENAI_API_KEY (and optionally JSON_OUTPUT) but the registry lists no required env vars. Requesting an OpenAI API key is proportionate to the stated purpose, but the omission from declared requirements is misleading. Also USER_ID is hardcoded to 'abhay' in config, which could cause cross-user data mixing unless overridden.
Persistence & Privilege
The skill persists data locally under ~/.mem0 and creates an SQLite history.db — that's expected for a memory store and does not modify other skills or system-wide settings. always is false. Note the fixed history path and default USER_ID which may lead to persistent data on disk and potential accidental sharing between contexts.
What to consider before installing
This skill appears to implement the memory functionality it claims, but there are important inconsistencies to resolve before installing: (1) It requires an OpenAI API key (OPENAI_API_KEY) even though the registry metadata declares no required env vars — supply and protect that key if you proceed. (2) The package includes Node scripts and package.json but provides no install instructions; you should run npm install (or otherwise ensure mem0ai and transitive deps are available) in a controlled environment or container. (3) The default USER_ID is hardcoded to 'abhay' and the skill writes data to ~/.mem0 — confirm you are comfortable with local persistent storage and change the default userId before use to avoid cross-user mixing. If you need higher assurance, ask the publisher for an explicit install spec and a corrected requirements list, review mem0ai's privacy/telemetry docs, and test the scripts in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk973p3nyefp246tdf0jcasv8v1824mjf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Mem0 Memory Integration

Mem0 adds an intelligent, adaptive memory layer to Clawdbot that automatically learns and recalls user preferences, patterns, and context across all interactions.

Core Workflow

1. Search Before Responding

Before answering user questions, search mem0 for relevant context:

node scripts/mem0-search.js "user preferences" --limit=3

Use retrieved memories to:

  • Personalize responses
  • Remember preferences
  • Recall past patterns
  • Adapt communication style

2. Store After Interactions

Explicit Storage (when user says "remember this"):

node scripts/mem0-add.js "Abhay prefers concise updates"

Conversation Storage (for context learning):

# Pass messages as JSON
node scripts/mem0-add.js --messages='[{"role":"user","content":"I like brief updates"},{"role":"assistant","content":"Got it!"}]'

Available Commands

Search Memories

node scripts/mem0-search.js "query text" [--limit=3] [--user=abhay]

Searches semantically across stored memories. Returns relevant memories ranked by relevance.

Add Memory

# Simple text
node scripts/mem0-add.js "memory text" [--user=abhay]

# Conversation messages (auto-extracts memories)
node scripts/mem0-add.js --messages='[{...}]' [--user=abhay]

Mem0's LLM automatically extracts, deduplicates, and merges related memories.

List All Memories

node scripts/mem0-list.js [--user=abhay]

Shows all stored memories for the user with IDs and creation dates.

Delete Memories

# Delete specific memory
node scripts/mem0-delete.js <memory_id>

# Delete all memories for user
node scripts/mem0-delete.js --all --user=abhay

What to Store vs Not Store

✅ Store These:

  • Explicit requests: "Remember that I..."
  • Preferences: Communication style, format choices
  • Personal context: Work info, interests, family (non-sensitive)
  • Usage patterns: Frequent requests, timing preferences
  • Corrections: When user corrects your mistakes
  • Adaptive facts: Current projects, recent interests

❌ Don't Store:

  • Secrets, passwords, API keys
  • Temporary context (unless explicitly requested)
  • System errors or debug info
  • Information already in MEMORY.md (avoid duplication)

Complementing Clawdbot Memory

Clawdbot MEMORY.md (Structured, Deliberate):

  • Permanent facts: Name = Abhay, Location = Singapore
  • Reference data: Email, blog URL, Twitter handle
  • Structured knowledge: Project details, credentials

Mem0 (Dynamic, Learned):

  • Preferences: "Abhay prefers concise updates"
  • Patterns: "Usually asks for bus info at 8:30am"
  • Adaptive context: "Currently interested in AI news"
  • Behavioral: "Likes direct answers, minimal fluff"

Use both together: Check MEMORY.md for facts, check mem0 for preferences/patterns.

Performance Benefits

  • +26% accuracy over OpenAI Memory (LOCOMO benchmark)
  • 91% faster than full-context retrieval
  • 90% fewer tokens than including all conversation history
  • Sub-50ms semantic search retrieval

Configuration

Located in scripts/mem0-config.js:

{
  embedder: "openai/text-embedding-3-small",
  llm: "openai/gpt-4o-mini",
  vectorStore: "memory" (local),
  historyDb: "~/.mem0/history.db",
  userId: "abhay"
}

Uses Clawdbot's OpenAI API key from environment (OPENAI_API_KEY).

Integration Patterns

For detailed workflow patterns, error handling, and best practices, see:

  • references/integration-patterns.md

Programmatic Use

All scripts support JSON_OUTPUT environment variable for programmatic access:

JSON_OUTPUT=1 node scripts/mem0-search.js "query"

Returns JSON after human-readable output (look for ---JSON--- marker).

Resources

scripts/

  • mem0-config.js - Configuration and instance initialization
  • mem0-search.js - Search memories semantically
  • mem0-add.js - Add new memories
  • mem0-list.js - List all memories
  • mem0-delete.js - Delete memories

references/

  • integration-patterns.md - Detailed best practices and patterns

Files

10 total
Select a file
Select a file to preview.

Comments

Loading comments…