thedotmack/claude-mem
A Claude Code plugin that automatically captures everything Claude does during your coding sessions, compresses it with AI (using Claude's agent-sdk), and injects relevant context back into future sessions.
- Stars: 44,328
- Forks: 3,325
- Watchers: 180
- Open Issues: 217
Safety Rating B
The repository appears to be a legitimate, well-documented open source TypeScript project for extending Claude Code with persistent memory capabilities. However, two concerns are noted: (1) The README prominently features a Solana cryptocurrency token ($CMEM) with its contract address, described as a third-party token 'officially embraced' by the author. This is an unusual and potentially misleading inclusion in a developer tool, as it may conflate the open source project with speculative financial activity. (2) The project auto-installs additional runtimes (Bun, uv/Python) and runs a persistent background HTTP service on port 37777, which expands the attack surface beyond a typical npm package. No hardcoded API keys, backdoors, or prompt injection attempts were detected in the provided content. Overall the project is not clearly malicious but the cryptocurrency promotion warrants curator scrutiny before listing.
AI-assisted review, not a professional security audit.
AI Analysis
Claude-Mem is a persistent memory plugin for Claude Code (Anthropic's AI coding assistant) that automatically captures tool usage observations during coding sessions, compresses and summarizes them using Claude's agent SDK, and injects relevant context back into future sessions. It uses a hybrid SQLite + ChromaDB vector database for storage, exposes MCP search tools for natural language memory queries, and includes a local web viewer UI for real-time memory inspection.
Use Cases
- Persisting context and project knowledge across Claude Code sessions
- Semantic search over historical coding session observations
- Reducing token usage via progressive disclosure and context compression
- Injecting relevant past context automatically at session start
- Providing a local web UI for browsing and searching AI session memory
Security Findings (2)
The README contains a Solana token contract address (2TsmuYUrsctE57VLckZBYEEzdokUF8j8e1GavekWBAGS) embedded inline, associated with a cryptocurrency token ($CMEM) the author acknowledges was created by a third party but has 'officially embraced'. This is not a typical software secret but is notable as an unusual inclusion in a developer tool README.
The README promotes a third-party Solana cryptocurrency token ($CMEM) and provides its contract address directly, which is atypical for a legitimate open source developer tool and could be used to promote speculative financial activity. This does not constitute malicious code in the repository itself, but warrants curator awareness.