Oathe Security Badge

Is blackbasilisk/local-memory-search safe?

https://github.com/blackbasilisk/local-memory-search

93
SAFE

This skill provides local semantic search functionality for memory files using Python and standard ML libraries. While it accessed sensitive canary files during installation, no exfiltration occurred and the code appears legitimate.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 98/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 92/100 · 5%

Findings (2)

MEDIUM Canary File Access During Installation -15

The skill accessed sensitive honeypot files including .env, SSH keys, AWS credentials, and other configuration files during installation. While no exfiltration occurred and files remained intact, this access pattern could indicate reconnaissance behavior.

LOW Python Script Execution -10

The skill contains Python scripts that will execute on the user's system. While the code appears legitimate and implements the described search functionality, it represents potential code execution risk.