ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

muninn

v2.3.7

Universal Context Protocol (CXP) for AI agents. v2.3.7 includes the latest high-performance CXP engine (compiled 2026-02-13) with fix for memory amnesia, macOS binary support, and pfeilschnell indexing. Created by @Blackknight1dev.

2· 2.4k·1 current·2 all-time
by@endgegnerbert-tech
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (local CXP memory layer) matches the code and npm install of muninn-core (Node). However the SKILL.md and README claim a bundled Rust CXP engine (compiled 2026-02-13), while the code expects a native binary in a ../bin path; the provided skill files do not include that binary. That gap is notable but plausibly explained if the npm package includes it at publish time.
!
Instruction Scope
Runtime instructions and code enforce a 'Brain-First' protocol and the middleware will automatically intercept many tool calls (filesystem, git, execute_command, etc.) and inject context. The package also writes/updates project files (.muninn contents, .gitignore) and appends a managed 'MUNINN PROJECT BRAIN ENFORCEMENT' block into files like CLAUDE.md, .cursorrules, and .antigravityrules. Automatic modification of repository files and silent injection into many tool responses is consistent with the stated purpose but is scope-creep from a simple 'memory' helper and may be surprising or undesirable to users.
Install Mechanism
Install uses npm (muninn-core) which is a standard mechanism. This is moderate risk but expected for a Node skill. The provided package files/manifest show typical deps. The notable point: SKILL.md references a compiled Rust-based CXP engine; the skill's JS code expects a native binary under ../bin (cxp, cxp-linux, cxp-arm64, etc.). The package contents in this submission do not show that binary, so the runtime may fail or npm may deliver it separately—verify the actual npm release contents before installing.
Credentials
The skill declares no required environment variables or external credentials, and the code does not require cloud keys. A test script and some optional behaviors reference MUNINN_PROJECT_PATH / MUNINN_AUTO_DETECT, but these are not required. No unrelated credentials are requested.
!
Persistence & Privilege
The skill runs persistent filesystem watchers (chokidar) and writes files under the project (.muninn/), updates .gitignore, and appends managed rule blocks to project files (CLAUDE.md, .cursorrules, .antigravityrules). While this is consistent with a local memory system, it is elevated privilege relative to a read-only context helper and could surprise users or pollute repositories. always:false (no global always-on flag) reduces systemic risk, but the skill still makes persistent, project-local changes.
What to consider before installing
Things to check before installing or enabling Muninn: - Verify the npm package contents: confirm that the published muninn-core package actually includes the native 'cxp' binary (for your platform) or documents how to obtain it. If the binary is missing, CXP operations will fail. - Inspect and approve repository modifications: Muninn will create/modify .muninn/, append enforcement blocks to files like CLAUDE.md, .cursorrules, .antigravityrules, and update .gitignore. If you don't want automated edits to project files, do not install or run in production repos. - Review the code that auto-injects context: middleware silently enriches many tool calls (filesystem, git, command execution). Make sure you are comfortable with automatic context injection into tools and responses. - Test in an isolated environment first: run Muninn in a disposable repo or VM to observe behavior (indexing, watcher, file writes) and confirm no unexpected network activity. - Audit the native binary if present: if the package includes a precompiled Rust binary, verify its provenance (publisher, checksums, or GitHub release) before executing native code. - If you need stricter control, require explicit user-invocation for context operations or run with limited permissions and avoid projects with sensitive files until you're confident in behavior. Why 'suspicious' (medium confidence): most behaviors align with a local memory engine, but the missing/assumed native binary and the automatic, persistent modifications to repo files plus wide interception of tool calls are design choices that can be misused or surprising. Additional information (actual npm release contents, presence of the cxp binary, or upstream repository with release tags and checksums) would raise confidence to 'high' and likely move this to 'benign'.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🐦⬛ Clawdis
Binsnode

Install

Install Muninn Core
Bins: muninn-core
npm i -g muninn-core
latestvk973v9bahb0rn0f46mcew57x39812dce
2.4kdownloads
2stars
16versions
Updated 19h ago
v2.3.7
MIT-0
@endgegnerbert-tech
latest
Download

Muninn - The Universal Memory Layer

Muninn is an advanced per-project memory system designed for AI agents. It uses the Context Exchange Protocol (CXP) to provide high-performance, token-efficient context management.

🛡️ Security & Privacy (Local-First)

Muninn is designed with a Privacy-First philosophy.

  • Local Storage: All project indexes and memories are stored exclusively on the host machine within the .muninn/ folder (per project) or ~/.muninn/ (for global settings).
  • No Data Exfiltration: Muninn does not transmit any code, context, or memories to third-party servers or remote APIs. All processing (semantic search, indexing, and context injection) happens locally using the high-performance Rust-based CXP engine.
  • Transparent Control: Memories are stored as standard Markdown files. You can inspect, edit, or delete them at any time.

⚙️ Integration

Muninn operates as an MCP (Model Context Protocol) server.

🚀 The Muninn Protocol (ENFORCED)

As an agent, you MUST follow the "Brain-First" workflow to remain efficient and accurate. The MCP server ensures project safety by validating context before allowing sensitive tool operations.

  1. Orient Yourself (brain_check): Call this at the start of every session or when switching projects. It loads the local project index and identifies key files and patterns.
  2. Search Before You Code (search_context): Never assume you know the codebase. Use local semantic search to find existing patterns or prior decisions.
  3. Learn as You Go (add_memory): Every significant fix, architectural decision, or user preference should be saved locally as a memory.

🛠 Tool Reference (MCP)

  • init_project: Initialize a local Muninn Brain in a project directory.
  • brain_check: MANDATORY orientation step. Loads local context and patterns.
  • add_memory: Persist facts and decisions to the local .muninn/memories folder.
  • search_context: Query the local project index semantically.
  • reindex_context: Rebuild the local semantic index.
  • health_check: Verify the status of the local Muninn system.

🦞 Pro-Tip for Agents

Muninn surgically retrieves only what's needed. Instead of reading large files, use search_context to find the exact lines that matter. This significantly reduces context window overhead and token costs while keeping your work strictly local and secure.

Comments

Loading comments...