mem9 Security Report — Trusted | ClawSafe

5 /100

mem9

Persistent cloud memory for OpenClaw with cross-session recall, explicit remember/save flows, shared spaces, hybrid search, and a visual dashboard

A legitimate cloud memory plugin skill with comprehensive documentation, clear scope, and no security concerns identified.

Skill Namemem9

Duration25.0s

Enginepi

✓

Safe to install

No action needed. This skill is safe to use.

Findings 1 items

Severity	Finding	Location
Info	Implementation limited to documentation Doc Mismatch This skill consists entirely of markdown documentation files. There are no executable scripts or code files to analyze for hidden functionality. All described behavior is clearly documented. `All markdown files with no scripts/` → For complete security assurance, the actual @mem9/mem9 npm package should be reviewed separately.	`SKILL.md:1`

Resource	Declared	Inferred	Status	Evidence
Shell	`WRITE`	`WRITE`	✓ Aligned	openclaw plugins install/uninstall commands in SETUP.md and UNINSTALL.md
Filesystem	`WRITE`	`WRITE`	✓ Aligned	Edits openclaw.json with specific scoped keys in SETUP.md
Network	`READ`	`READ`	✓ Aligned	Connects to https://api.mem9.ai (declared in SKILL.md)
Environment	`NONE`	`NONE`	—	No environment variable access observed
Skill Invoke	`NONE`	`NONE`	—	No nested skill invocations

8 findings

🔗

Medium External URL 外部 URL

https://api.mem9.ai

SETUP.md:152

🔗

Medium External URL 外部 URL

https://mem9.ai/your-memory/

SETUP.md:336

🔗

Medium External URL 外部 URL

https://mem9.ai/openclaw-memory

SKILL.md:4

🔗

Medium External URL 外部 URL

https://mem9.ai/

SKILL.md:29

🔗

Medium External URL 外部 URL

https://mem9.ai/SKILL.md

SKILL.md:184

🔗

Medium External URL 外部 URL

https://mem9.ai/UNINSTALL.md

SKILL.md:184

🔗

Medium External URL 外部 URL

https://mem9.ai/TROUBLESHOOTING.md

SKILL.md:194

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com

TROUBLESHOOTING.md:145

File Tree

4 files · 46.4 KB · 977 lines

Markdown 4f · 977L

├─ 📝 SETUP.md Markdown 417L · 18.5 KB

├─ 📝 SKILL.md Markdown 215L · 11.4 KB

├─ 📝 TROUBLESHOOTING.md Markdown 159L · 8.7 KB

└─ 📝 UNINSTALL.md Markdown 186L · 7.9 KB

Security Positives

✓ Comprehensive and well-structured documentation with clear safety rules

✓ Declared network scope limited to api.mem9.ai only

✓ Config changes strictly scoped to specific openclaw.json keys

✓ User-provided credentials handled locally without exfiltration

✓ Explicit approval gates before any destructive operations

✓ No credential harvesting patterns observed

✓ No obfuscation or suspicious encoding patterns

✓ No remote code execution patterns (curl|bash, wget|sh)

✓ Clear uninstall process with local cleanup

✓ Restart flow explicitly disclosed to user

Scan Report

Findings 1 items

File Tree

Security Positives