Nm Memory Palace Knowledge Locator
AdvisoryAudited by Static analysis on May 9, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive, stale, or poisoned stored knowledge could be repeatedly surfaced into future tasks and influence the agent’s work.
The skill is designed to index all stored memory palaces, connect them, and track usage patterns for later retrieval, but the artifacts do not define scope limits, exclusions, retention, or validation of retrieved memories.
1. **Build Index** - Create spatial index of all palaces ... 3. **Map Cross-References** ... 5. **Analyze Patterns** - Track and optimize based on usage
Install only if you understand which palaces are indexed; add or verify controls for palace selection, source review, retention, and clearing/rebuilding indices.
The skill or its dependencies may request or use sensitive credentials in a way that is not clear from the user-facing documentation.
The credential contract is inconsistent: the requirements say no credentials are needed, but capability signals indicate OAuth or sensitive credential use without explaining which account, token, or scope is involved.
Required env vars: none ... Primary credential: none ... Capability signals: requires-oauth-token; requires-sensitive-credentials
Before installing, confirm why OAuth or sensitive credentials are signaled, what service they belong to, and what permissions they grant.
Following the documented commands may rely on code outside this review, which could have different permissions or behavior than the skill text suggests.
The documented workflows depend on an external plugin/script that is not included in this instruction-only package, so the referenced runtime behavior cannot be verified from the supplied artifacts.
For the full experience with agents, hooks, and commands, install the Claude Code plugin. ... python scripts/palace_manager.py search "authentication" --type semantic
Inspect the referenced plugin and palace_manager.py before using the command workflows, especially if they access private memories or credentials.