claude-mem

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install unverified software packages globally and via package managers.
  • Evidence: npm install -g claude-mem (from thedotmack/claude-mem) and pip install letta (from letta-ai).
  • [COMMAND_EXECUTION]: The skill executes various shell commands to initialize tools and modify system behavior.
  • Evidence: claude-mem init, claude-mem setup-hooks, and letta server commands are used to integrate the tools into the development environment.
  • [DATA_EXFILTRATION]: The tools described are designed to capture, summarize, and store full session histories.
  • Evidence: Session interactions (including potentially sensitive code and data) are recorded and either stored locally in .claude-mem/ or sent to external services like Letta (cloud or self-hosted) or Claude APIs for compression.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by design.
  • Ingestion points: Session activity and interactions are captured from the active Claude Code environment (SKILL.md).
  • Boundary markers: None identified in the provided configuration or instructions to distinguish between trusted and untrusted historical context.
  • Capability inventory: The skill uses claude-mem inject to feed captured history back into the LLM context, which could lead to the execution of instructions hidden in previous session logs.
  • Sanitization: No evidence of sanitization or filtering of captured session data before re-injection is provided.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 03:42 AM
Security Audit — agent-trust-hub — claude-mem