Is ascottbell/maasv-memory safe?

https://github.com/openclaw/skills/tree/main/skills/ascottbell/maasv-memory

90
SAFE

This skill is a documentation-only pointer to an external memory system (maasv). The skill repository itself contains zero executable code and exhibited no malicious behavior during installation. The primary risk lies in the unaudited external dependency chain (maasv PyPI/npm packages) and the persistent memory injection surface created by the autoRecall feature, which could amplify attacks from other vectors.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (6)

MEDIUM Unaudited external dependency chain -15

The skill directs users to install two external packages (maasv from PyPI and @maasv/openclaw-memory from npm) that contain all the actual executable code. These packages are not included in the skill repository and were not analyzed during this audit. The real attack surface lies in those packages, not in this documentation-only skill.

MEDIUM Persistent memory injection surface via autoRecall -10

The autoRecall configuration injects stored memories into the agent's context before each turn. If the memory store is poisoned (by another malicious skill, compromised input, or a supply chain attack on the maasv server), this creates a persistent indirect prompt injection vector that would affect all future agent interactions.

LOW Silent entity extraction via autoCapture -5

The autoCapture feature silently extracts entities from each session without explicit per-session user consent. While this is the intended functionality, it means the agent will automatically store conversation data persistently, which could capture sensitive information discussed in sessions.

LOW External AI API dependencies in install extras -10

The pip install extras include 'anthropic' and 'voyage', which are API clients that communicate with external AI services. While these are legitimate tools, they establish outbound network channels that could theoretically be abused if the maasv server code is compromised.

INFO Clean skill repository with no executable code -5

The skill repo contains only documentation (SKILL.md), metadata (_meta.json), and a lock file. No executable code, no install hooks, no git hooks, no submodules, no symlinks. This is an exemplary minimal-footprint skill.

INFO Clean clone with no anomalous behavior -5

Installation produced only expected filesystem and network activity. All network traffic was to GitHub (clone), Ubuntu update servers, and local DNS. No skill-triggered processes were observed.