Vestige

Review

Audited by ClawScan on May 10, 2026.

Overview

Vestige’s local memory purpose is coherent, but it relies on unreviewed local binaries and encourages automatic cross-session memory storage and retrieval.

Review before installing. Use Vestige only if you trust the local binaries at ~/bin/vestige-mcp and understand that it can store and reuse memories across sessions. Avoid saving secrets, periodically review/delete stored memories, and require confirmation before the agent saves inferred preferences or instructions.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run a local executable that was not part of the reviewed package.

Why it was flagged

The skill’s core behavior depends on external local executables, while the submitted artifacts contain no install spec or code for review. This leaves the provenance and behavior of the binaries unclear.

Skill content
## Binary Location

```
~/bin/vestige-mcp
~/bin/vestige
~/bin/vestige-restore
```

Recommendation

Only use the skill if you have independently installed and trust these binaries; the skill should declare required binaries and provide a verifiable install source.

What this means

Using the skill can cause your agent to execute local commands to search or update memory.

Why it was flagged

The skill explicitly documents shell-based invocation of a local MCP binary as part of its workflow. This is purpose-aligned for a CLI-backed memory system, but users should notice that conversations may trigger local command execution.

Skill content
At the start of conversations, search for relevant context:

```bash
echo '{"jsonrpc":"2.0"...}' | ~/bin/vestige-mcp 2>/dev/null | jq -r '.result.content[0].text'
```

Recommendation

Keep command execution user-visible, and avoid enabling session-start execution unless the referenced binary is trusted.

What this means

Personal or project information may persist across sessions and later shape the agent’s behavior, even if the saved memory is wrong, sensitive, or no longer intended.

Why it was flagged

The skill stores user statements as persistent memory and retrieves memory at future session starts, including instruction-like content. The artifacts do not describe validation, confirmation, or safeguards against stale or poisoned memories influencing later agent behavior.

Skill content
Trigger Words ... "I prefer..." / "I like..." | Save as preference ...

At the start of conversations, search for relevant context ... "user preferences instructions"

Recommendation

Ask for confirmation before saving non-explicit memories, avoid storing secrets, provide clear review/delete controls, and treat retrieved memories as hints rather than authoritative instructions.