Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
MnemoPay
v1.1.0Give any AI agent persistent memory and a wallet. Remember facts across sessions, recall with semantic search, charge for work delivered, track reputation. 1...
⭐ 0· 67·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to provide persistent memory and a wallet, and the SKILL.md instructs using `npx @mnemopay/sdk` which explains the npx requirement. However, the skill claims payment/escrow functionality without declaring or requiring any payment-provider credentials, database connection strings, or other infrastructure details. The homepage GitHub path and registry owner information are opaque/unfamiliar, which increases uncertainty.
Instruction Scope
The SKILL.md instructs the agent to run `openclaw mcp set` which will cause the agent to execute `npx` to fetch an external SDK and run a persistent MCP server that stores memories, logs, and handles payments. The instructions reference many environment variables (MNEMOPAY_*, MNEMO_URL, AGENTPAY_URL) and persistent services (Postgres, Redis) but the registry metadata lists no required env or config. The skill's instructions also enable workflows that would allow the agent to create charges and settle payments; the guidance not to charge speculatively is a policy, not an enforcement mechanism.
Install Mechanism
There is no install spec in the registry, but the runtime instructions explicitly instruct dynamic installation/execution via `npx -y @mnemopay/sdk`. That causes arbitrary code from the npm registry to be fetched and run at agent runtime. The package and GitHub repo do not appear to be a well-known or verified source, increasing supply-chain risk.
Credentials
Registry metadata declares no required env vars, but the SKILL.md examples and workflows reference multiple MNEMOPAY_* variables and service URLs and expect persistent storage and payment endpoints. Payment functionality implies the need for secrets/credentials (payment gateway keys, DB URLs) that are neither declared nor described. This mismatch (no declared creds but clear need for them) is a red flag.
Persistence & Privilege
The skill instructs installation of a persistent MCP server that would hold memories, logs, and wallets. Although `always: false` and autonomous invocation is the platform default, this skill's ability to create charges and settle payments combined with the lack of declared authorization controls raises the risk that an agent could autonomously create financial transactions if misconfigured or exploited.
What to consider before installing
Do not install blindly. Key things to verify before using this skill:
- Source provenance: confirm the npm package and GitHub repo are legitimate, review the package code and maintainer identity.
- Installation risk: the SKILL.md tells the agent to run `npx @mnemopay/sdk` — that will fetch and execute remote code. Only allow this in a sandboxed environment after code review.
- Credentials and infrastructure: clarify what DB, Redis, and payment credentials are required and ensure they are provided via secure secret storage (not hard-coded). Ask how payment escrow is implemented and what third-party gateways are used.
- Autonomy and billing safeguards: require explicit human approval before any charge is created or settled; restrict autonomous invocation for payment-related tools; add limits and audit hooks.
- Data governance: ask how memories and logs are stored, encrypted, retained, and deleted (privacy/PDPA/GDPR concerns).
If you cannot validate the package source and the payment/back-end design, treat this skill as unsafe for production and run only in an isolated test environment with strict limits on network and financial actions.Like a lobster shell, security has layers — review code before you run it.
latestvk97147t4tqn1wm0e7bg4vcb39h845wf1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis
Binsnpx