Enhanced Memory System with 4 Types

This skill implements a plausible file-backed memory system and semantic search, but it has two notable implementation risks you should consider before installing: 1) Arbitrary filesystem access: although the docs say file paths are relative to the configured memoryDir, the runtime code accepts absolute paths and does not enforce that files live inside memoryDir. If an attacker or a mistaken call provides an absolute path (or path traversal), the skill can read or write files anywhere the agent process can access. To mitigate: only grant the agent limited filesystem permissions, review/patch the code to canonicalize and restrict paths to memoryDir, and avoid passing untrusted file paths to memory_get/memory_write. 2) Shell command injection risk in embedding: embed.ts constructs a curl command via a shell exec and only escapes double quotes; single quotes or other shell metacharacters in the text can break the JSON wrapper and allow command injection. To mitigate: run Ollama via a proper HTTP client (no shell), use execFile/spawn with args, or robustly escape single quotes; avoid enabling vector embeddings on untrusted inputs until fixed. Other notes: the skill runs locally and doesn't phone home, and there is no external install URL, which reduces remote-code risk. Still, if you plan to use it, either run it in a sandbox/container, inspect/patch the code to enforce path confinement and safe subprocess usage, or only use the non-vector (keyword) mode until embedding calls are made safe. If you want, I can produce a minimal patch to (a) enforce that memory_{get,write} only operate under memoryDir and (b) replace the curl/exec code with a safe HTTP request implementation.