Enhanced Memory System V3

A malicious search query or saved memory entry could run commands on the user's machine when vector search is used.

The skill constructs a shell command from the search query or memory text and executes it. Only double quotes are escaped, so crafted text containing shell-breaking characters could execute local commands.

If invoked with a crafted path, the agent could read files outside the memory store, potentially exposing private local files.

memory_get accepts absolute paths and relative paths without checking that the resolved file remains inside memoryDir.

A mistaken or manipulated invocation could create or overwrite files outside the intended memory directory.

memory_write uses the same unbounded path expansion and then writes to that resolved path, including overwrite mode.

Private user preferences, feedback, project notes, or secrets stored in memory may leave the local machine and be processed by a third-party provider.

AutoDream builds prompts from memory file contents and sends them to the MiniMax API.

A cloud API key may be used automatically for memory consolidation, potentially consuming account quota and granting access not obvious from the registry metadata.

The code uses a MiniMax bearer token from the environment, but the registry metadata declares no required environment variables or primary credential.

Private and team memory categories may be mixed in search results or reused in future context more broadly than the user expects.

The tool accepts a memory type parameter, but the handler does not pass it to the search function, weakening the advertised user/feedback/project/reference separation.

An incorrect consolidation could erase or distort memory and affect future sessions that rely on that stored context.

The skill describes automatic background consolidation that can delete and update persistent memory, but the artifacts do not show review, backup, or rollback controls.