code-memory-skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
No artifact-backed suspicious behavior could be confirmed, but the workspace artifacts could not be inspected in this run.
Treat this as an inconclusive low-confidence review: the local artifact files could not be read due the workspace command failure, so review metadata.json and artifact/ contents before installing.
Publisher note
Documentation-only skill. It references the upstream code-memory MCP server and documents security risks: trust_remote_code=True, unauthenticated SSE if exposed, indexed secrets/local DB sensitivity, and package/model/binary supply-chain concerns. The skill bundle contains SKILL.md and LICENSE.md only; no executable scripts are bundled.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
No visible risk-analysis findings were reported for this release.