Aionis
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Aionis appears to be a coherent memory integration, but it should be reviewed because its setup can start a persistent Docker service and expose an admin token to the agent environment.
Review the bootstrap before using it. If you install this skill, start the Docker service only with explicit approval, verify the Aionis image source, avoid exposing the admin token to routine agent tasks, and keep memory scopes limited to the project.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can leave a local Aionis service and stored memory data running beyond the current conversation.
The bootstrap starts a detached Docker service configured to restart unless stopped and to keep data in a persistent Docker volume.
docker run -d \
--name "$AIONIS_CONTAINER_NAME" \
--restart unless-stopped \
-p "127.0.0.1:${AIONIS_PORT}:3001" \
...
-v "${AIONIS_VOLUME}:/var/lib/postgresql/data"
Run the bootstrap manually only after approval, document how to stop and remove the container and volume, and avoid automatic startup unless the user explicitly asks for it.
The agent environment may receive broader administrative access to the local Aionis service than is needed for the stated memory workflow.
The generated Clawbot environment file includes both the normal memory API key and an admin token, while the SKILL.md workflow only documents AIONIS_API_KEY or AIONIS_AUTH_BEARER as required auth for memory operations.
echo "AIONIS_API_KEY=${memory_api_key}"
echo "AIONIS_ADMIN_TOKEN=${admin_token}"
Do not source or expose the admin token to the agent unless it is required; keep admin credentials separate from normal memory API credentials.
The local service will run code from a remote container image that is not included in the skill package.
The setup downloads a remote Docker image by tag rather than a pinned digest. This is purpose-aligned, but the container contents are outside the provided artifact review.
AIONIS_IMAGE="${AIONIS_IMAGE:-ghcr.io/cognary/aionis:standalone-v0.2.5}"
...
docker pull "$AIONIS_IMAGE"
Only use the bootstrap if you trust the image publisher; prefer a pinned digest or a locally reviewed image for higher assurance.
Stored memories or feedback could influence later agent decisions, and sensitive facts may persist in the Aionis store.
The skill intentionally stores and recalls memory and uses memory rules/feedback to influence tool routing and future behavior.
Use this skill when the user asks for long-term memory, retrieval with citations, tool routing from memory rules, or feedback-driven policy adaptation.
Use project-specific scopes, avoid storing secrets or unnecessary personal data, and review or clear stored memory when it should no longer influence the agent.
