Openclaw Mem0
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Personal facts, preferences, or accidentally shared sensitive details may be remembered across sessions and influence future answers.
The plugin persistently stores conversation-derived facts and later injects retrieved memories into future prompts, which is the core feature but can preserve sensitive details or let bad memories influence later agent behavior.
Auto-Recall: Before every agent turn, it searches memory for relevant context and injects it into the system prompt. ... Auto-Capture: After every agent turn, it analyzes the conversation and stores key facts into memory.
Enable this only if you want persistent memory; configure capture rules, review or delete stored memories, and disable auto-capture or auto-recall for sensitive conversations.
Anyone with the configured API key may be able to read or modify memories in the associated Mem0 account, depending on the key's scope.
Platform mode requires a Mem0 credential, and the plugin correctly marks it as sensitive; this is expected but gives the plugin access to the user's Mem0 memory account.
"apiKey": { "label": "Mem0 API Key", "sensitive": true, "placeholder": "m0-...", "help": "API key from app.mem0.ai (or use ${MEM0_API_KEY}). Only needed for platform mode." }Use a dedicated, least-privilege Mem0 key if available, store it securely, and verify the configured host is the intended Mem0 endpoint.
The agent could remove useful memories or expose stored memory contents during a conversation if prompted to do so.
The agent receives tools that can enumerate and delete persistent memories. This matches a memory-management plugin, but deletion and listing should remain user-directed.
The agent can proactively call these tools: ... `memory_list` | List all memories ... `memory_forget` | Delete a memory | `memoryId` (string) or `query` (string)
Ask the agent to confirm before deleting memories, periodically review stored memories, and avoid storing secrets or credentials as memories.
Installing the plugin will run package-provided code and rely on npm dependencies, so supply-chain trust matters.
The package is an executable npm plugin with runtime dependencies. This is normal for an OpenClaw integration, but users should verify the package source and resolved dependency versions.
"openclaw": { "extensions": [ "./index.ts" ] }, ... "dependencies": { "@sinclair/typebox": "^0.34.48", "dotenv": "^17.2.4", "mem0ai": "^2.2.2", "openclaw": "^2026.2.9" }Install from the intended package/repository, prefer locked dependency resolution where possible, and keep the plugin updated from a trusted source.