Smart Memory

Installing this way can execute whatever code is currently on the remote master branch and install-time scripts may change between review and use.

The installer encourages piping a remote script to bash, pulls the current GitHub master branch without a pinned release or checksum, and then runs npm install. This is a supply-chain risk, especially because the registry says there is no install spec.

A normal npm install can run local commands and install dependencies before the user has separately reviewed those commands.

The static scan shows the npm postinstall script shells out. Because install.sh runs npm install and comments that postinstall creates the Python venv and installs requirements, users may get command execution during setup that is not represented in the registry install metadata.

Any local client able to reach the service could potentially trigger major memory-state changes, not just search or commit normal memories.

The visible FastAPI route exposes a high-impact rebuild operation on the memory state, and the shown route does not include an authentication, confirmation, or scoping check.

Private conversation details, preferences, identities, and task history may remain on disk and be reused in future agent responses.

The skill intentionally persists transcripts as canonical truth and derives reusable memories from them. This is core to the stated purpose, but the stored content may contain sensitive user data and can later shape prompts.

The agent may consult stored memory automatically when it thinks continuity or prior preferences matter.

The skill instructs the agent to call memory retrieval before certain answers. This is aligned with a memory tool, but it does steer tool use and response grounding.