ClawAudit verdict

memento

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Accesses agent memory/notes AND makes external network calls

Local persistent memory plugin with explicit privacy disclosure; data stays in local SQLite and external LLM calls are opt-in with clear warning when data leaves the machine.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives.

Security: 0
Transparency: 70
Maintenance: 80

What it does

These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.

Capability combination critical

Accesses agent memory/notes AND makes external network calls — may leak personal data

LLM02 · LLM07 · ASI03 · ASI06

Capability combination high

Accesses agent memory AND makes external network calls — may leak conversation history

LLM02 · LLM07 · ASI06

Permission integrity

Makes network requests but does not declare curl/wget in required binaries

network_out

Installs packages at runtime — transitive dependencies are not auditable

package_install

Accesses agent memory/configuration files

agent_memory

Findings (11)

Pattern match medium

References agent memory files

SKILL.md · code · MEMORY.md

Pattern match medium

Instructs covert action — may act without user awareness

CHANGELOG.md · prose · downgraded · silently

Pattern match medium

References child_process — can spawn system processes

PHASE2-SPEC.md · prose · downgraded · child_process

Pattern match medium

References sudo — requests elevated privileges

ROADMAP.md · prose · downgraded · sudo

Pattern match medium

Uses exec() — may execute shell commands

src/cli/ingest-tokens.ts · prose · downgraded · exec(

Pattern match medium

References SSH/GPG private keys

src/extraction/classifier.ts · prose · downgraded · ssh_key

Pattern match medium

Dynamic import() — loads module at runtime

src/storage/embeddings.ts · prose · downgraded · import("

Pattern match low

Accesses sensitive environment variables

src/extraction/extractor.ts · prose · downgraded · process.env.MEMENTO_API_KEY

Pattern match low

References agent configuration files

src/extraction/migrate.ts · prose · downgraded · AgentConfig

Pattern match low

Popular HTTP library — network access

src/recall/search.ts · prose · downgraded · got

Pattern match low

Blob URL — may embed executable content

src/storage/dedup-sweep.ts · prose · downgraded · blob:

Permissions & capabilities

No declared permissions — minimal attack surface.

network_out · agent_memory · package_install