memoryvault

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] BENIGN: The code fragment is a descriptive usage guide for MemoryVault’s public API, detailing how to register, store, retrieve, and manage memories with proper API key usage. There are no suspicious or malicious code paths, credential harvesting mechanisms, or deceptive data flows evident in the fragment. The data flows are consistent with a typical RESTful API integration to a remote service, and any exposure of data is governed by explicit visibility controls described in the docs. LLM verification: This skill's functionality matches its stated purpose (cloud memory); however, it requires trusting a third-party domain with agent data and bearer credentials and recommends insecure local storage (plaintext file and exported env var). There is no direct evidence of malware or obfuscated backdoors in the provided documentation, but the design creates realistic opportunities for credential harvesting and remote influence if the external service is malicious or compromised. Overall risk is modera