v1.0.0

Vestige

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:14 AM.

Analysis

Vestige is a coherent local memory skill, but it asks the agent to run undeclared local binaries and automatically store and reuse cross-session memories, so it needs user review before installation.

Guidance: Review this skill carefully before installing. Use it only if you trust the local Vestige binaries in ~/bin, understand what information will be stored, and are comfortable with memories being searched at session start and reused across future conversations. Avoid saving secrets, and make sure you know how to inspect and delete stored memories.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
## Binary Location

```
~/bin/vestige-mcp
~/bin/vestige
~/bin/vestige-restore
```

The skill depends on local executables, while the provided package is instruction-only with no install spec or code files. This creates a provenance and metadata gap for components the agent is told to use.

User impact: A user may install the skill expecting only instructions, but the agent could run local Vestige binaries whose source and installation method are not established by the artifacts.
Recommendation: Install only after verifying that the Vestige binaries come from a trusted source. The skill should declare its required binaries and provide clear installation or verification instructions.
Tool Misuse and Exploitation
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
```
echo "{\"jsonrpc\":\"2.0\"...\"query\":\"$*\"}}}" | ~/bin/vestige-mcp
```

The optional helper script interpolates shell arguments directly into JSON without escaping, so quotes or JSON control characters in the query or content could malform or alter the request.

User impact: Unusual input text could cause incorrect searches, failed saves, or unintended local MCP requests through the helper script.
Recommendation: Build JSON with a safe encoder such as jq using --arg, or avoid passing untrusted text through this shell wrapper.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
```
"Remember this" | `smart_ingest` immediately ... At the start of conversations, search for relevant context ... Preferences that should persist indefinitely
```

The skill directs automatic storage and automatic retrieval of persistent memory across sessions, including user preferences, project context, reminders, and instruction-like context.

User impact: Private, incorrect, or manipulated memories could be saved and later reused to influence future answers or actions.
Recommendation: Confirm before saving sensitive memories, regularly inspect and delete stored memories, avoid storing secrets, and treat retrieved memories as context rather than authoritative instructions.