Skip to main content
When connecting AI tools to Mem through MCP, follow these practices to reduce risk and keep control over write actions.

Verify official Mem MCP endpoints

Use only these domains:
  • https://mcp.mem.ai/mcp
  • https://mcp.mem.ai/.well-known/...
  • https://api.mem.ai/... and https://mem.ai/... during OAuth flow

Use trusted clients and connectors

Install MCP clients from trusted sources and double-check connector URLs before approving access.

Keep human confirmation enabled for writes

For destructive actions (for example deleting notes or collections), keep approval steps enabled in your client workflow.

Use a dedicated workspace or test account when possible

If you need stricter operational boundaries, connect MCP in a workspace or account with only the data you want tools to access.

Treat prompts as untrusted input

Prompt injection can try to make agents exfiltrate or modify data. Review tool calls and approvals before execution.

Keep tokens and session state private

Do not share bearer tokens or local MCP auth/cache files.