MnemoPay
Warn
Audited by ClawScan on May 10, 2026.
Overview
MnemoPay is coherent with its stated purpose, but it gives an agent persistent cross-session memory and wallet/payment tools with unclear approval boundaries.
Review carefully before installing. Only use MnemoPay with explicit transaction approvals, low payment limits, and clear rules for what memories may be saved and recalled. Pin and review the external @mnemopay/sdk package if you intend to use it with real payment or sensitive memory data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could create payment requests or move funds in ways the user may not have explicitly approved for that specific task.
The workflow gives the agent tools to initiate and finalize payment actions. The provided text says to charge after delivering work, but it does not clearly require a separate user confirmation of the exact amount and terms before creating the charge.
`mcp__mnemopay__charge` | Create an escrow charge for work delivered (max $500 x reputation) ... Call `mcp__mnemopay__charge` with amount and clear description of value delivered ... call `mcp__mnemopay__settle`
Require explicit user confirmation before every charge and settlement, including amount, payer, recipient, description, and refund terms; enforce conservative spending limits.
Sensitive, outdated, or incorrect facts could be saved and later influence future conversations without the user realizing it.
The skill encourages persistent storage and automatic reuse of conversation-derived memories across sessions. The visible text does not clearly bound what may be stored, require per-memory consent, or define retention and sensitivity rules.
When you learn something important during a conversation: 1. Call `mcp__mnemopay__remember` ... At the beginning of every conversation: 1. Call `mcp__mnemopay__recall` ... 2. Use recalled memories
Ask before saving personal or sensitive memories, show users what was stored, provide easy deletion, and limit automatic recall to relevant, user-approved memory categories.
The behavior ultimately depends on an external package that may change over time and was not available for code review here.
The setup runs an external npm package via `npx -y` without a pinned version. This is a normal MCP setup pattern, but the reviewed artifact does not include the package implementation.
openclaw mcp set mnemopay '{"command":"npx","args":["-y","@mnemopay/sdk"],"env":{"MNEMOPAY_AGENT_ID":"openclaw-agent","MNEMOPAY_MODE":"quick"}}'
Pin a known-good package version, review the package source, and prefer a lockfile or signed/provenance-verified release before using it with memory or wallet functions.
If connected to real payment infrastructure, the agent may be able to affect money movement and reputation-linked limits.
Wallet and payment authority is part of the stated purpose, but it is still delegated financial authority that can affect balances and transaction history.
`mcp__mnemopay__settle` | Finalize a pending charge. Moves funds to wallet, boosts reputation +0.01
Connect only accounts with limited funds/permissions, require approval for every transaction, and audit balance, history, and logs regularly.
