Kannaka Memory
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
Kannaka Memory’s purpose is disclosed, but its installer creates an extension that passes free-form tool inputs into a shell command, which could let crafted memory or query text run local commands.
Review carefully before installing. The main blocker is the shell-command construction in the generated extension; it should be fixed to use safe argument passing before use. If you still proceed, review and pin the GitHub source, avoid storing sensitive memories, and use swarm features only with a trusted NATS server.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted memory, search query, file path, memory ID, or swarm field could run arbitrary commands on the user’s machine when the agent invokes the tool.
The generated extension invokes a shell via execSync and concatenates tool-controlled values into the command. Several parameters are unquoted or only quote-escaped, which does not prevent shell substitutions such as $() or backticks.
const result = execSync(`"${BINARY}" ${args}`, { ... });
...
runCli(`boost ${p.memory_id} --amount ${p.amount ?? 0.3}`)
Replace execSync shell strings with execFile/spawn using an argument array, validate IDs/enums/paths strictly, and avoid passing free-form user text through a shell.
The code installed on your machine could change over time even if the skill package you reviewed stays the same.
The installer builds the runtime binary from the current remote repository state rather than a pinned commit or reviewed source included in the package.
git clone --depth 1 https://github.com/NickFlach/kannaka-memory.git "$REPO_DIR" ... cargo build --release --features "hrm,nats"
Review the GitHub repository before installing, prefer a pinned tag or commit, and verify release checksums or reproducible build instructions.
Sensitive or misleading information stored in memory could be recalled in later tasks.
The skill is explicitly designed to store persistent agent memory locally, which is purpose-aligned but affects retention and future context reuse.
Use when agents need persistent memory that fades and dreams ... Memory stored as chiral holographic tensor in local .hrm file
Store only information you are comfortable retaining, periodically review/delete memories, and avoid treating recalled memory as automatically trustworthy.
Using swarm features may publish agent presence or synchronization data to a remote server.
Swarm commands use a default remote NATS server for inter-agent presence and phase synchronization. This is disclosed, but identity, authentication, and data-boundary details are not fully described.
KANNAKA_NATS_URL ... default: nats://swarm.ninja-portal.com:4222 ... Phase gossip and presence published to NATS JetStream
Use swarm commands only when you intend remote coordination, set KANNAKA_NATS_URL to a trusted server, and avoid including sensitive identifiers in swarm names.
