hippocampus-memory
Audited by Socket on Feb 23, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

The provided documentation describes a legitimate-looking local memory management subsystem for AI agents that persistently captures and processes conversation-derived signals. There is no direct evidence in this fragment of overt malware (no network exfiltration code, no obfuscation, no hard-coded credentials). However, the design materially increases privacy and operational risk: it persistently stores sensitive user data without documented protections and enables autonomous, scheduled agent execution that could be leveraged to exfiltrate or misuse data if the runtime environment permits network/connector actions. Prior to deployment, review the actual install and script implementations for network activity and dangerous behaviors, apply strict filesystem permissions or encryption for memory files, add explicit consent/retention policies, and lock down scheduled agent capabilities.

LLM verification: This SKILL.md describes a legitimate-seeming local persistent memory system for AI agents. In the provided text there is no direct malicious code, hardcoded secrets, obfuscation, or explicit network exfiltration. However, there are notable supply-chain and privacy risks: (1) install.sh and other scripts are not shown — they could perform dangerous actions (downloads, uploads, credential forwarding); (2) cron registration with agent-run commands enables autonomous periodic execution which could b