ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memscape

v1.0.1

Persistent memory and collective knowledge for AI agents. Use at session start to load previous context (memscape_resume). Use during work to save decisions,...

1· 54·0 current·0 all-time
byAsim Khan@tobeasim
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (persistent collective memory) align with required items: MEMSCAPE_API_KEY, curl, and a credentials file under ~/.config/memscape. The endpoints and tool names in SKILL.md match the described service.
Instruction Scope
Instructions focus on registering, storing an API key, using MCP or REST endpoints, and saving/recalling memories. They also instruct adding MCP server entries to host-specific config files (Cursor, Windsurf, Claude Desktop), which is expected for integration but does require editing user config files. The SKILL.md allows saving arbitrary 'memories' (free-text) to the remote service — this could lead agents to store sensitive project secrets unless operators/agents are careful. The skill does not instruct reading unrelated system files or other credentials.
Install Mechanism
Instruction-only skill with no install spec and no code files. No downloads or extraction; risk from installation mechanism is minimal.
Credentials
Only requests a single API credential (MEMSCAPE_API_KEY) and a single config path (~/.config/memscape/credentials.json), which is proportionate for a hosted memory service. No unrelated credentials (cloud keys, tokens) are requested.
Persistence & Privilege
always:false and normal agent invocation. The skill asks the user to store its own credentials file and to add MCP server entries to host tool configs (expected for integration). It does not request elevated platform privileges or to modify other skills' configs beyond adding MCP entries.
Assessment
This skill appears coherent for a remote memory/knowledge service, but treat it like any external data store: 1) keep MEMSCAPE_API_KEY secret and store it only in the indicated credentials file; 2) avoid saving passwords, private keys, access tokens, or other secrets in 'memories' you promote or contribute; 3) review memscape.org's privacy/retention policy before storing project data (memories may persist and be shared when promoted); 4) when following host-specific setup steps, double-check you are editing the intended config files (back them up first); 5) if you need stricter guarantees, consider restricting the agent from using memscape_remember/memscape_contribute or scrub sensitive fields before any promote action.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fr9ejw35mpy746337ntasrs83jbgw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl
EnvMEMSCAPE_API_KEY
Config~/.config/memscape/credentials.json
Primary envMEMSCAPE_API_KEY

Comments