memory-lancedb-pro

Fail

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download setup and validation scripts from the author's GitHub repository. Evidence found in SKILL.md points to https://raw.githubusercontent.com/CortexReach/toolbox/main/memory-lancedb-pro-setup/setup-memory.sh and https://raw.githubusercontent.com/CortexReach/toolbox/main/memory-lancedb-pro-setup/scripts/config-validate.mjs.
  • [REMOTE_CODE_EXECUTION]: The skill uses patterns that execute code downloaded from a remote source. The documentation describes a 'one-click installer' using curl -fsSL | bash in SKILL.md. The 'Config validation tool' is executed by downloading a .mjs file and running it with node.
  • [COMMAND_EXECUTION]: The agent is instructed to use various system commands and local CLI tools to perform its tasks. File system operations such as ls, mv, and unzip are suggested for installation. Plugin and gateway management is performed via openclaw commands (e.g., openclaw config, openclaw gateway restart). Network tools like curl are used to verify API keys for services like Jina, OpenAI, and SiliconFlow by sending authentication headers to their respective APIs. Local LLM management is performed via ollama commands (e.g., ollama pull, ollama list).
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/CortexReach/toolbox/main/memory-lancedb-pro-setup/setup-memory.sh, https://raw.githubusercontent.com/CortexReach/toolbox/main/memory-lancedb-pro-setup/scripts/config-validate.mjs - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 22, 2026, 05:58 AM