memory-referee

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears to be a scoped memory-record adjudicator with no credential, network, destructive, or persistent runtime behavior shown, but users should notice its role in downstream memory decisions and its development/setup notes.

This skill looks safe to use for its stated purpose when you provide it only the memory records you intend to adjudicate. Before installing or building, review the npm dependency setup, and remember that its output should guide—not automatically replace—important memory or agent decisions.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Bad or manipulated memory records could be summarized, classified, archived, or flagged in ways that influence later agent decisions.

Why it was flagged

The skill is explicitly intended to transform memory records that may later influence other agent workflows, so poisoned or incorrect input records could affect downstream context if the report is over-trusted.

Skill content

Use it after running ontology or Proactive Agent to clean up accumulated memory before passing it downstream.

Recommendation

Use scoped input records, preserve provenance, and treat the adjudication report as a decision aid that may need human review for important memory changes.

What this means

Installing or building the package will rely on npm dependencies even though the registry install metadata does not declare an install flow.

Why it was flagged

Although the registry section says there is no install spec, the project documentation describes npm-based setup for the Node package.

Skill content

npm install
npm run build

Recommendation

Review the package.json/package-lock dependency set and run npm install/build only if you intend to use the packaged Node implementation.

What this means

If an agent treats repository guidance as binding, it may change how it performs development tasks in this repository by routing work through Saturnday commands.

Why it was flagged

This repository instruction file could influence an agent that automatically loads project guidance, but it appears scoped to development/governance work rather than the memory-referee runtime.

Skill content

Do NOT edit files directly. All changes must go through Saturnday

Recommendation

Treat CLAUDE.md as development guidance only; do not let it override the user’s instructions for normal skill invocation.