skills/mem0ai/mem0/onboard/Gen Agent Trust Hub

onboard

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified. The skill's operations are transparent and consistent with its stated purpose of service onboarding.
  • [COMMAND_EXECUTION]: The skill executes local Python and shell scripts (ensure_deps.sh, auto_import.py, auto_setup_categories.py) distributed with the plugin to perform setup tasks and data indexing.
  • [EXTERNAL_DOWNLOADS]: Directs the user to the vendor's official portal (app.mem0.ai) to manage API credentials and connects to the vendor's MCP server (mcp.mem0.ai). These are expected service endpoints.
  • [DATA_EXFILTRATION]: Processes and uploads project context files (e.g., CLAUDE.md, .cursorrules) to the mem0 service. This is a core feature of the tool and targets the vendor's own infrastructure.
  • [CREDENTIALS_UNSAFE]: Provides standard, safe guidance for the user to manage their MEM0_API_KEY via shell environment variables or the application's local configuration, with explicit instructions to avoid exposing the secret in logs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 04:11 PM
Security Audit — agent-trust-hub — onboard