Skill
Security checks across malware telemetry and agentic risk
Overview
This skill is a local AI conversation usage analyzer; the main thing to notice is that it reads private conversation-history files, but the artifacts disclose this and show no upload or persistence behavior.
This appears safe for its stated local analytics purpose, but it will inspect private AI conversation-history files. Use filters when possible, avoid sharing generated reports if they reveal sensitive project or cost information, and verify the optional full Memory Forge package before installing it.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill lets the agent inspect local conversation-history data to produce summaries, even though the provided code only outputs aggregate statistics and shows no upload behavior.
The skill is explicitly designed to read local AI conversation history, which may contain sensitive user prompts, project names, costs, and usage patterns.
This script reads all conversation files locally
Use it only if you are comfortable analyzing those local logs; prefer --days or --project filters for narrower reports and review outputs before sharing them.
The skill performs local computation on your machine when invoked for conversation analysis.
The skill instructs the agent to run an included local Python script; this is central to the stated purpose and the script content is provided.
python3 ~/memory-forge/skill/scripts/analyze.py --weekly
Keep this as a user-directed action and inspect or restrict the script path if installing from an unfamiliar source.
If followed, the optional dashboard setup would introduce additional package code and a serving process that are not part of the provided skill script.
The optional full-version recommendation asks the user to install and run an external package beyond the included skill files.
pip install memory-forge[all] && mforge serve
Only run the optional full-version commands after verifying the package source and considering an isolated Python environment.