Satori

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Information from conversations may be saved into long-term memory and later reused across sessions or tools without the user noticing each save.

Why it was flagged

The skill instructs the agent to persist personal and business context automatically and silently, including contacts and strategy, without showing clear approval, retention, deletion, or reuse limits.

Skill content

Save at natural breakpoints... Key contacts... Strategic directions... On success: continue silently (fire-and-forget)

Recommendation

Require explicit user confirmation before saving facts, disclose where data is stored, and provide clear controls for listing, correcting, deleting, and disabling memory.

What this means

Installing or using the skill may cause the agent to download and run third-party code that was not included in the reviewed artifact set.

Why it was flagged

The skill directs the agent to run the latest npm CLI package via npx, but the reviewed artifacts include no package lock, install spec, or CLI source code, so the executed code can change outside this review.

Skill content

npx -y @satori-sh/cli@latest add "<facts>"

Recommendation

Pin the CLI version, provide an install spec, include provenance or hashes, and avoid automatic execution of unreviewed latest packages.

What this means

The skill may create and use a local Satori API credential without a separate manual setup step.

Why it was flagged

The credential file is purpose-aligned for a Satori integration, but credential creation and storage are not reflected in the registry requirements and happen automatically.

Skill content

Checks `~/.config/satori/satori.json` for API key and memory ID... creates the file and provisions new credentials automatically

Recommendation

Declare the credential/config path in metadata and explain what account, service, and permissions the generated credential represents.

What this means

A user may not realize that stored memory influenced an answer or that a query was sent to the memory system.

Why it was flagged

The skill intentionally reduces user visibility into when memory is queried and used, which can make responses appear unaided by stored context.

Skill content

Silently incorporate retrieved context into response... Do NOT announce "I searched Satori" unless results significantly impact the response

Recommendation

Make memory access visible by default or provide a clear user setting for silent retrieval.