MidOS MCP — Knowledge OS for AI Agents
Security checks across static analysis, malware telemetry, and agentic risk
Overview
MidOS is a disclosed remote knowledge and memory MCP, but it also advertises broad shell, file, network, notification, and persistent-memory tools without clear safeguards.
Review this skill before installing. It may be useful as a knowledge and memory MCP, but do not enable broad execution, file, git, HTTP, or webhook tools unless you can sandbox them and approve each high-impact action. Treat saved memories as persistent external data and avoid storing secrets.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If these MCP tools are available to an agent, a mistaken or over-eager invocation could run commands, modify files, or fetch network content outside the user's intended scope.
The skill advertises broad command execution, file operations, git, and network fetching, but the artifacts do not state sandbox limits, allowed paths, confirmation requirements, or rollback controls.
| ⚙️ Execution | `maker_run_bash`, `maker_read_file`, `maker_write_file` | File ops, shell commands, git, HTTP fetch |
Only enable the execution tools in a sandboxed environment, require explicit user approval for shell/file operations, and ask the publisher for documented path, command, and network restrictions.
Information saved to memory may influence later agent behavior or persist longer than the user expects.
Persistent memory is a core disclosed feature, but it means user preferences, decisions, and retrieved context may be stored and reused across future sessions.
`mem_save` / `mem_search` backed by LanceDB. Memories survive across sessions.
Avoid saving secrets or sensitive personal data, review what is stored when possible, and confirm deletion/retention controls before relying on it for private work.
Messages sent through webhooks or chat integrations could disclose task details to external services or shared channels.
The skill discloses webhook and chat-notification capabilities, but the artifacts do not define destination validation, content limits, or approval expectations.
| 🔔 Notify | `maker_notify_discord`, `maker_notify_webhook` | Notifications to Discord, webhooks, Slack |
Confirm the exact destination and message content before allowing notification tools, especially for private projects.
Users who self-host would be running code that was not reviewed in this skill package.
The optional self-hosting path pulls and runs code from an external repository that is not included in the submitted skill artifacts.
`git clone https://github.com/MidOSresearch/midos-core` ... `python -m modules.mcp_server.midos_mcp --http --port 3100`
Audit the repository, pin a specific commit or release, and run it in an isolated environment before self-hosting.
