Dangerous exec
- Finding: Shell command execution detected (child_process).
Security checks across static analysis, malware telemetry, and agentic risk
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
Before installing, confirm you want a persistent local memory system that records conversation content and derived preferences. Keep the API bound to localhost, review or pin the installer/postinstall steps, and periodically inspect or clear stored memory if sensitive information is captured. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
67/67 vendors flagged this skill as clean.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private conversations and inferred preferences may persist locally and influence future assistant responses, including if an incorrect or maliciously phrased memory is stored.
The skill intentionally stores transcript-derived facts and profile-like memory for reuse in later prompts.
- transcript-first ingest and per-message transcript logging
- typed long-term memory including `preference`, `identity`, and `task_state`
Install only if persistent local memory is desired; avoid committing secrets, inspect stored memories periodically, and provide a clear way to delete or rebuild memory.
The agent may save facts, decisions, or summaries that later affect responses unless the user reviews or controls memory commits.
The exposed memory tool can mutate persistent agent state by saving new memories; this is expected for the skill but important for users to understand.
`memory_commit` - purpose: persist important facts, decisions, beliefs, goals, or session summaries
Use memory commit deliberately, review important saved memories, and prefer user confirmation for sensitive or long-lived facts.
Running the installer trusts the current contents of the remote repository and its dependency installation steps.
The optional installer pattern asks the user to run a remote script from a mutable branch, so installed code may differ from the reviewed artifact.
Usage: curl -sL https://raw.githubusercontent.com/BluePointDigital/smart-memory/master/install.sh | bash
Prefer a pinned release or commit, review the installer before running it, and avoid running it with elevated privileges.
Installing dependencies can run setup commands before the user interacts with the memory tools.
The static scan shows npm postinstall command execution, which is common for setup but still executes local commands during installation.
`const result = spawnSync(command, args, {`
Review postinstall behavior and dependency sources before running npm install, especially on systems containing sensitive data.