Vfs

What to consider before installing: - Don’t install this into a production agent without review. The package implements a hook system that can execute shell commands and POST memory/tells to arbitrary HTTP endpoints—if hooks are writable by untrusted agents, secrets or sensitive memories could be exfiltrated or code executed. - Ask the maintainer for a proper install spec and a list of optional features. The registry entry shows no install script but the README requires pip, FUSE, and optional libraries (boto3, faiss, sentence-transformers). Clarify which dependencies are mandatory, and whether any post-install services/daemons run. - Audit hooks and hook configuration before use. If you test the skill, search the code for HookManager/HookConfig and disable or sandbox the shell and HTTP hook types, or restrict who can write /hooks/* and /memory/tell/*. - Run in an isolated sandbox/VM or container first. Because the project can run native FUSE mounts and call external services, test in a throwaway environment and with network access blocked until you’ve confirmed safe defaults. - Review provider integrations (Alpaca, S3) and API key handling. If you enable S3 sync or third-party providers, provide minimal-scoped credentials in a controlled environment and prefer read-only policies where possible. - Inspect the full SKILL.md for the prompt-injection pattern flagged by the scanner. If it contains instructions to change system prompts or automatically inject messages into agent outputs, those are high-risk behaviors. - Consider operational mitigations: restrict which agents can create hooks, disable automatic 'urgent' injection features, and audit sends to external webhooks. If you lack the ability to harden those controls, do not install. If you want, I can: 1) scan the hook-related files (tell.py, handlers for hooks) and summarize exact code paths that perform shell exec/HTTP POST; 2) list all places that perform network I/O or spawn subprocesses so you can decide which features to disable.