Oathe Security Badge

Is SpillwaveSolutions/project-memory safe?

https://github.com/SpillwaveSolutions/project-memory

92
SAFE

The project-memory skill appears to be a legitimate tool for managing institutional knowledge in software projects through structured documentation and agent behavior modification. While it does modify agent behavior through CLAUDE.md updates, this is transparent and appropriate for its stated purpose, with good security practices included.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (4)

LOW Agent Behavior Modification via CLAUDE.md -15

The skill instructs the agent to modify CLAUDE.md with memory-aware protocols that change how the agent behaves, including checking memory files before proposing changes and referencing documented facts over assumptions.

INFO Security Best Practices Included -5

The skill includes explicit security warnings in templates advising users never to store passwords, API keys, or sensitive credentials in memory files, demonstrating good security awareness.

INFO Instructional Bash Examples Only -5

The skill contains bash command examples for searching memory files, but these are instructional examples rather than executable code.

LOW Potential for Subtle Behavior Influence -20

While legitimate, the memory system could potentially be misused by sophisticated attackers to gradually influence agent behavior through stored instructions in memory files.