cortex-mem-mcp
ReviewAudited by ClawScan on May 10, 2026.
Overview
The supplied artifact is coherent for a persistent-memory MCP skill, but it stores conversation context across sessions and requires external software plus LLM/embedding API keys.
Before installing, verify the upstream package or release, protect the API-key config file, use separate or scoped provider keys, avoid saving secrets, and consider using the no-auto-trigger option if you want memories stored only when explicitly requested.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information saved from chats may be reused in later sessions and could influence future agent responses.
This shows the skill intentionally persists conversation context for future retrieval, which is purpose-aligned but sensitive.
Persistent memory enhancement for AI agents. Store conversations, search memories with semantic retrieval, and recall context across sessions.
Avoid storing secrets or highly sensitive information, review/delete memories regularly, and consider disabling auto-triggered extraction when you want explicit control.
Provider API keys authorize calls that may process memory content and may incur cost under the user's account.
The skill requires provider credentials to call LLM and embedding services; this is expected for the integration but should be handled carefully.
Needs API keys for LLM and embedding services.
Use scoped, revocable API keys, protect the config file permissions, and do not commit the configuration containing keys.
Installing the MCP server executes external software, so the safety of the runtime depends on the package or release the user installs.
The skill instructs users to install an external binary/source package that is not included in the scanned artifact.
cargo install cortex-mem-mcp ... git clone https://github.com/sopaco/cortex-mem.git ... Download the latest release from GitHub
Install only from trusted sources, prefer pinned versions or verified releases, and review the upstream project before use.