Memphis
ReviewAudited by ClawScan on May 10, 2026.
Overview
This documentation-only skill asks users to rely on an unprovided Memphis CLI for persistent memory, secrets, local indexing, and multi-agent sharing, so its high-impact behavior is not reviewable or clearly bounded.
Install only if you are comfortable treating this as documentation for an external, unreviewed Memphis CLI. Before using it, verify the actual CLI source, avoid storing real secrets, do not ingest broad private folders, and leave sharing/sync features disabled until data boundaries are clear.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may install what appears to be a complete tool, then be guided to run a command whose actual source and behavior are not supplied by this skill package.
The package claims a complete CLI-based system, but the registry artifact contains no implementation or install mechanism, so the behavior and provenance of the referenced `memphis` commands cannot be reviewed here.
No install spec โ this is an instruction-only skill. No code files present โ this is an instruction-only skill.
Do not run `memphis` commands unless you independently verify where the CLI comes from, how it is installed, and what code it executes.
Private documents or inaccurate/untrusted content could become persistent agent context and influence later answers or decisions.
The skill advertises embedding and reusing local files in persistent memory, but does not define path limits, exclusions, retention, poisoning protections, or how stored context is reused across future tasks.
memphis ingest ./papers --chain research --embed memphis ask "What did paper X say?"
Only ingest narrowly selected, non-sensitive folders until the storage, deletion, exclusion, and retrieval behavior is clearly documented and verified.
Memories, decisions, or other local knowledge could be shared with other agents or networks without clear boundaries if the feature is used.
The artifacts describe syncing and collaboration with other agents over IPFS-like mechanisms, but do not specify identity checks, permissions, data boundaries, or what memory content may be shared.
Share chain sync (IPFS) - Multi-agent collaboration - Agent negotiation (trade protocol)
Avoid multi-agent sync or sharing features unless you can verify exactly what data is shared, with whom, and how authorization is enforced.
Secrets may be placed under the control of an unreviewed local tool.
The vault feature is purpose-aligned, but it asks users to store and retrieve API keys or similar secrets while the actual vault implementation is not included in the reviewed artifacts.
memphis vault add openai-key sk-xxx --password-env MEMPHIS_VAULT_PASSWORD memphis vault get openai-key --password-env MEMPHIS_VAULT_PASSWORD
Use a separate trusted password manager or verify the Memphis vault code, encryption design, and file permissions before storing real credentials.
Users may over-trust the skill and store sensitive notes, documents, or credentials before verifying how the tool actually handles them.
The skill makes strong privacy claims while also advertising secret storage, document ingestion, and multi-agent/IPFS sharing, and the package contains no code to substantiate the privacy or security posture.
vs. Cloud Solutions: - โ 100% Private - โ Offline first - โ No cloud dependency
Treat the privacy claims as unverified marketing until the implementation, storage paths, network behavior, and sharing controls are independently reviewed.