agent-memory-mcp

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). This is a GitHub repository from an unverified/unknown account that instructs cloning and running npm scripts (which can execute arbitrary code), so it is potentially risky unless the repository and its code are reviewed and verified.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's setup instructs cloning and running code from https://github.com/webzler/agentMemory.git (git clone, npm install, npm run start-server), which fetches remote code that is then executed as a required runtime component, so it can directly control agent behavior.