Engram MCP Server

The skill looks like a legitimate local MCP server for 'engram' memories, but it has several operational risks you should weigh before installing: 1) The installer is a download-and-execute shell command (curl | sh). Inspect https://astral.sh/uv/install.sh yourself before running, or install 'uv' from a package manager you trust. 2) The skill is designed to automatically persist user memory and tool-trace data to project/global folders (./.claude/engram and ~/.engram). That can include PII or sensitive conversation content — avoid loading highly sensitive data into it. 3) The README claims the server will auto-pull the latest code from GitHub on client start; consider disabling auto-update or running the server in an isolated environment if you want reproducible behavior. 4) Review the bundled source code locally (you already have it in the skill bundle) to confirm there are no hard-coded external endpoints or unexpected network calls. 5) If you proceed, run initial installs and the web UI in a sandbox or container, back up any data, and do not enable global automatic installs/updates until you trust the upstream. If you want, I can (a) point out where to inspect the uv installer script, (b) search the included source for outbound-network calls or telemetry functions, or (c) suggest a safer install/run checklist.