Memphis Cli

Pending

Static analysis audit pending.

Overview

No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent following the instructions could execute local scripts that nobody has reviewed, including one that installs a persistent background daemon and others that receive messages and upload or download content via Pinata.

Why it was flagged

The reviewed package contains only SKILL.md, yet the instructions depend on several executable scripts and a daemon installer that live in a directory outside the package (the excerpt runs them from ~/memphis), so their behavior and provenance cannot be reviewed here.

Skill content
cd ~/memphis ... ./check-messages-daemon.sh --install ... Scripts Included (v2.1.1): send-message.sh, receive-messages.sh, check-messages-daemon.sh, pinata-upload.sh, pinata-download.sh
Recommendation

Only run these scripts after obtaining Memphis from a trusted source, pinning the version (the excerpt names v2.1.1), reading each script, and recording a digest of every reviewed script so that the copy in ~/memphis can be re-checked before each install; the skill package should itself include the referenced scripts or verifiably identify them.
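One way to turn the recommendation above into a repeatable check, as an added example that is not part of the skill or of ClawScan: record a digest for each script named in the excerpt once it has been read, and refuse to proceed if the copy in the script directory later differs, is missing, or has been replaced by a symlink. The manifest layout, the `verify` function and the constructed stand-in scripts are assumptions for illustration.

```python
"""Pin-and-verify check for scripts a SKILL.md references but does not ship.
Added example; the manifest format and check are assumptions, not part of Memphis."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

# Script names taken from the skill excerpt ("Scripts Included (v2.1.1)").
REFERENCED_SCRIPTS = [
    "send-message.sh",
    "receive-messages.sh",
    "check-messages-daemon.sh",
    "pinata-upload.sh",
    "pinata-download.sh",
]


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, streamed so a large script need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(script_dir: Path, version: str) -> dict:
    """Record the reviewed version and one digest per script. Run once, after reading every script."""
    missing = [n for n in REFERENCED_SCRIPTS if not (script_dir / n).is_file()]
    if missing:
        raise FileNotFoundError(f"package is incomplete, missing {missing}")
    return {
        "version": version,
        "scripts": {n: sha256_file(script_dir / n) for n in REFERENCED_SCRIPTS},
    }


def verify(script_dir: Path, manifest: dict, pinned_version: str) -> list[str]:
    """Return the problems found; an empty list means every script matches the pinned review.
    Symlinks are rejected so a script cannot be swapped for a file outside the directory."""
    problems = []
    if manifest.get("version") != pinned_version:
        problems.append(f"manifest version {manifest.get('version')!r} != pinned {pinned_version!r}")
    for name in REFERENCED_SCRIPTS:
        p = script_dir / name
        if p.is_symlink():
            problems.append(f"{name}: is a symlink")
        elif not p.is_file():
            problems.append(f"{name}: missing")
        elif sha256_file(p) != manifest["scripts"].get(name):
            problems.append(f"{name}: digest mismatch")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Constructed package: a clean copy verifies, then a modified daemon installer is caught."""
    with tempfile.TemporaryDirectory() as d:
        pkg = Path(d)
        for name in REFERENCED_SCRIPTS:
            (pkg / name).write_text(f"#!/bin/sh\necho {name}\n")  # constructed stand-ins
        manifest = build_manifest(pkg, "2.1.1")
        clean = verify(pkg, manifest, "2.1.1")
        # Simulate an unreviewed change landing in the script directory after the review.
        with (pkg / "check-messages-daemon.sh").open("a") as f:
            f.write("echo 'line added after review'\n")
        tampered = verify(pkg, manifest, "2.1.1")
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean package:", clean or "ok")
    print("after modification:", tampered)
```

In practice the manifest would be written to disk next to the pinned version number and the check run by whatever wrapper invokes `./check-messages-daemon.sh --install`; the digest only proves the file is the one that was read, so the reading itself is still the real control.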

What this means

Private files, secrets that end up in shell history or git diffs, and untrusted document content (which, once indexed, can carry injected instructions into later answers) could be stored in Memphis memory and reused in answers or sync workflows.

Why it was flagged

The skill supports persistent indexing and collection of local documents, file changes, git diffs, and shell history, but the artifact does not define exclusions, retention, or approval boundaries for sensitive/private content.

Skill content
memphis ingest ./docs --recursive --chain research --embed ... memphis watch <path> --chain journal --no-embed ... memphis daemon start (collector-based background tasks: journaling git diffs, shell history, etc.)
Recommendation

Limit ingestion and watchers to explicit, allowlisted folders; exclude secret-bearing paths (.env files, key material, .git internals, shell history) and scan content for credential-shaped strings before it is embedded; review stored chains regularly; and avoid embedding or syncing sensitive material. Note that a shell-history collector will capture any secret typed on the command line, including the `memphis vault add ... sk-xxx` invocation this skill itself documents.
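An added example of the pre-ingest filter described above, not Memphis configuration or code from the skill: files are first excluded by path (history files, key material, .git, the Memphis state directory), then the remaining text is scanned for credential-shaped strings, and only the survivors are handed to `memphis ingest`. The exclusion lists, the regular expressions and the constructed directory tree are assumptions to be tuned for a real environment.

```python
"""Allowlist-and-scan filter to run before `memphis ingest` / `memphis watch`.
Added example; the policy and patterns are assumptions, not Memphis configuration."""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

EXCLUDED_DIRS = {".git", ".ssh", ".memphis", "node_modules"}
EXCLUDED_NAMES = {".env", ".netrc", ".bash_history", ".zsh_history", "id_rsa", "id_ed25519"}
EXCLUDED_SUFFIXES = {".pem", ".key", ".p12", ".pfx"}

# Cheap content checks for credential-shaped strings; extend for your own providers.
SECRET_PATTERNS = [
    re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),                  # shape of the skill's `sk-xxx` example
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                      # AWS access key id
    re.compile(r"(?i)\b(api[_-]?key|secret|password|token)\b\s*[=:]\s*\S{8,}"),
]


def is_excluded_path(rel: Path) -> bool:
    """Exclude by file name, suffix, or any parent directory on the deny list."""
    if rel.name in EXCLUDED_NAMES or rel.suffix.lower() in EXCLUDED_SUFFIXES:
        return True
    return any(part in EXCLUDED_DIRS for part in rel.parts[:-1])


def contains_secret(path: Path) -> bool:
    """True if the file text matches any credential pattern; unreadable files are refused, not guessed."""
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return True
    return any(p.search(text) for p in SECRET_PATTERNS)


def select_for_ingest(root: Path) -> dict[str, list[str]]:
    """Walk `root` and sort every regular file into ingest / skipped_path / skipped_content."""
    out: dict[str, list[str]] = {"ingest": [], "skipped_path": [], "skipped_content": []}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue  # symlinks may point outside the allowlisted folder
        rel = p.relative_to(root)
        if is_excluded_path(rel):
            out["skipped_path"].append(rel.as_posix())
        elif contains_secret(p):
            out["skipped_content"].append(rel.as_posix())
        else:
            out["ingest"].append(rel.as_posix())
    return out


def demo() -> dict[str, list[str]]:
    """Constructed tree standing in for a directory passed to `memphis ingest --recursive`."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "docs").mkdir()
        (root / "docs" / "design.md").write_text("# Design notes\nNothing sensitive here.\n")
        (root / "docs" / "deploy.md").write_text("export OPENAI_API_KEY=sk-abcdefghijklmnopqrstuvwxyz0123\n")
        (root / ".env").write_text("PINATA_JWT=constructed-placeholder-value\n")
        (root / ".bash_history").write_text("memphis vault add openai-api-key sk-xxx\n")
        (root / ".git").mkdir()
        (root / ".git" / "config").write_text("[core]\n")
        return select_for_ingest(root)


if __name__ == "__main__":
    for bucket, files in demo().items():
        print(f"{bucket}: {files}")
```

The `ingest` list is what would be passed to the CLI; the two `skipped_*` lists are worth logging, since a growing `skipped_content` bucket usually means secrets are being written into documents that were assumed safe.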

What this means

Anyone who holds the shared key and can obtain the message CIDs can decrypt the messages, and because a single symmetric key is shared by every participant, can also forge or replay messages as any other agent; nothing in the channel binds a message to its sender.

Why it was flagged

The skill documents automated agent-to-agent messaging through Pinata/IPFS and writes a fixed shared encryption key into the instructions themselves, so every copy of the skill carries the key. A shared symmetric key protects confidentiality only against parties who lack it and provides no sender authentication, which leaves message identity and trust boundaries unclear.

Skill content
Encrypted Messaging System ... Uploads to Pinata ... Daemon checks every 5 minutes ... Requirements: ... Shared encryption key (844540...dfff)
Recommendation

Use unique per-user/per-agent keys stored in a vault (pairwise keys at minimum, or per-agent signing keys so a receiver can attribute a message to its sender), rotate keys, authenticate peers and reject replays, avoid sending secrets through this channel, and require user confirmation before sending or acting on sensitive messages.
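The trust-boundary problem in this finding, shown as an added example rather than as the skill's protocol: with one shared key, any agent can produce a valid tag claiming to be any other agent; with a distinct key per peer and a nonce the receiver remembers, a forgery from a third agent and a replay of an acknowledged message are both rejected. Only authenticity is modelled here, with HMAC over sender, nonce and body; the envelope format, the inbox classes and the agent names are assumptions, and confidentiality would additionally need an AEAD under separately managed keys.

```python
"""Why a single shared key gives no sender identity, and what per-sender keys plus a nonce change.
Added example, not the Memphis messaging protocol; envelope and key handling are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import secrets


def mac(key: bytes, sender: str, nonce: bytes, body: bytes) -> str:
    """Tag over sender id, nonce and body so none of them can be altered independently."""
    msg = sender.encode() + b"\x00" + nonce + b"\x00" + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SharedKeyInbox:
    """Receiver model matching the skill's design: every agent holds the same key."""

    def __init__(self, shared_key: bytes):
        self.key = shared_key

    def accept(self, sender: str, nonce: bytes, body: bytes, tag: str) -> bool:
        return hmac.compare_digest(mac(self.key, sender, nonce, body), tag)


class PerSenderInbox:
    """Receiver holds a distinct key per peer and remembers nonces it has already accepted."""

    def __init__(self, peer_keys: dict[str, bytes]):
        self.peer_keys = peer_keys
        self.seen: set[bytes] = set()

    def accept(self, sender: str, nonce: bytes, body: bytes, tag: str) -> bool:
        key = self.peer_keys.get(sender)
        if key is None or nonce in self.seen:
            return False  # unknown peer, or replay of a message already processed
        if not hmac.compare_digest(mac(key, sender, nonce, body), tag):
            return False
        self.seen.add(nonce)
        return True


def demo() -> dict[str, bool]:
    """Constructed exchange between agents alice, bob and mallory."""
    body = b"please approve payment 1234"

    # Shared key: mallory holds it because every agent does, and signs as alice.
    shared = secrets.token_bytes(32)
    n1 = secrets.token_bytes(16)
    shared_inbox = SharedKeyInbox(shared)
    forged_under_shared_key = shared_inbox.accept("alice", n1, body, mac(shared, "alice", n1, body))

    # Per-sender keys: bob's inbox knows alice's key; mallory has only her own.
    alice_key, mallory_key = secrets.token_bytes(32), secrets.token_bytes(32)
    bob_inbox = PerSenderInbox({"alice": alice_key})
    n2 = secrets.token_bytes(16)
    genuine = bob_inbox.accept("alice", n2, body, mac(alice_key, "alice", n2, body))
    replayed = bob_inbox.accept("alice", n2, body, mac(alice_key, "alice", n2, body))
    n3 = secrets.token_bytes(16)
    forged = bob_inbox.accept("alice", n3, body, mac(mallory_key, "alice", n3, body))

    return {
        "shared_key_forgery_accepted": forged_under_shared_key,
        "genuine_accepted": genuine,
        "replay_accepted": replayed,
        "per_sender_forgery_accepted": forged,
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Pairwise symmetric keys still let the receiver itself compute a valid tag for its peer, so they give attribution but not non-repudiation; per-agent signing keys with public-key signatures remove that limitation, which is why the recommendation prefers them.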

What this means

Background tasks could continue checking, downloading, storing, and acknowledging messages after the immediate user request is complete.

Why it was flagged

The skill instructs installing a persistent background daemon that automatically performs network and local storage actions, but does not provide clear uninstall, disable, or containment guidance in the supplied artifact.

Skill content
Install auto-check daemon (every 5 min) ... ./check-messages-daemon.sh --install ... Automatically: Checks share chain for new messages, Downloads from Pinata, Decrypts message, Displays to user, Stores in inbox, Sends ACK
Recommendation

Install daemons only with explicit user approval, document how to stop and uninstall them, and prefer manual checks unless ongoing background behavior is truly needed. Because the artifact does not say how `--install` registers the daemon, check after installation which mechanism was used (for example `crontab -l`, `systemctl --user list-timers`, or `launchctl list`, depending on the platform) so that it can be disabled and removed later.

What this means

The skill may use provider API keys and Pinata credentials that can incur charges or read and write shared pinned storage if configured.

Why it was flagged

Provider and Pinata credentials are required for the stated integrations, but the registry metadata declares no credentials, so users cannot tell from the metadata which accounts and scopes the skill may use.

Skill content
memphis vault add openai-api-key sk-xxx --password-env MEMPHIS_VAULT_PASSWORD ... Configure Pinata creds in ~/.memphis/config.yaml under integrations.pinata or env vars.
Recommendation

Use least-privileged tokens (a Pinata key limited to pinning where the provider supports scoping, a provider key with a spend limit), keep secrets in the vault, avoid exposing vault contents to cloud providers, and revoke credentials when no longer needed. Avoid passing the secret on the command line as the `sk-xxx` example does: it is recorded in shell history, which the skill's own collectors may then ingest.