onboard
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill's operations are transparent and consistent with its stated purpose of service onboarding.
- [COMMAND_EXECUTION]: The skill executes local Python and shell scripts (
ensure_deps.sh,auto_import.py,auto_setup_categories.py) distributed with the plugin to perform setup tasks and data indexing. - [EXTERNAL_DOWNLOADS]: Directs the user to the vendor's official portal (
app.mem0.ai) to manage API credentials and connects to the vendor's MCP server (mcp.mem0.ai). These are expected service endpoints. - [DATA_EXFILTRATION]: Processes and uploads project context files (e.g.,
CLAUDE.md,.cursorrules) to the mem0 service. This is a core feature of the tool and targets the vendor's own infrastructure. - [CREDENTIALS_UNSAFE]: Provides standard, safe guidance for the user to manage their
MEM0_API_KEYvia shell environment variables or the application's local configuration, with explicit instructions to avoid exposing the secret in logs.
Audit Metadata