MemData
Security checks across malware telemetry and agentic risk
Overview
MemData is a clearly disclosed paid remote memory service, with the main cautions being wallet-paid access and persistent cross-session storage.
Before installing, decide whether you are comfortable with a remote service storing agent memories tied to a wallet address and charging per request. Use encryption for sensitive data, review what gets stored or deleted, and prefer a limited wallet with manual approval for payments.
VirusTotal
59/59 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may incur small USDC payments and link memories to the wallet address used.
The skill requires wallet-signed paid requests and uses the wallet as identity; this is disclosed and core to the service, but it is sensitive account/payment authority.
x402 payment protocol. USDC on Base (eip155:8453). Every endpoint (except /status): ... You sign payment with wallet ... Request succeeds
Use a dedicated low-balance wallet if possible, review each payment/signature request, and understand the pricing before enabling autonomous use.
Information saved today may be returned in future sessions and influence the agent's responses or decisions.
The service intentionally reuses stored memory across sessions, so old or incorrect memories can affect later agent behavior.
Same wallet = same memories across all sessions. ... GET /identity ... get context from last session
Only store information you want reused later, periodically review or delete stored artifacts, and avoid treating retrieved memory as automatically authoritative.
Sensitive content stored in standard mode may be visible to the service provider.
The artifact discloses that standard storage can be read by MemData, while encrypted storage is optional.
Standard | None | Postgres | Yes ... Encrypted | One-time delegation | Storacha (IPFS) | No
Use the optional encrypted storage mode for sensitive memories, and avoid ingesting private or regulated data unless the storage model is acceptable.
An incorrect write or delete could pollute or remove stored memories.
The API can mutate remote memory by adding and deleting artifacts; this is purpose-aligned, but mistaken calls could affect the user's memory store.
POST /ingest Store content in memory ... DELETE /artifacts/:id Delete a memory and all its chunks.
Require confirmation for deletions and review what the agent plans to ingest, especially for important or sensitive information.