Is impkind/hippocampus safe?
https://github.com/openclaw/skills/tree/main/skills/impkind/hippocampus
This hippocampus memory skill provides legitimate AI agent memory management functionality but exhibits critical security concerns by accessing sensitive credential files without justification. While no data exfiltration occurred, the unauthorized file access combined with extensive system integration creates significant risk.
Category Scores
Findings (5)
CRITICAL Unauthorized Access to Sensitive Credential Files -80 ▶
The skill accessed multiple sensitive credential files during installation including .env, SSH private keys, AWS credentials, Docker config, npm config, and Google Cloud credentials. While the files were not modified or exfiltrated, accessing these files without clear justification represents a major security violation.
MEDIUM Extensive Shell Script Execution -30 ▶
The skill contains numerous executable shell scripts including install.sh and 11 scripts in the scripts/ directory. These scripts perform filesystem operations, process data, and integrate with system cron jobs, representing significant code execution surface area.
MEDIUM Extensive System Integration and Data Processing -40 ▶
The skill integrates deeply with the system through cron jobs, processes conversation transcripts, maintains persistent memory indexes, and generates HTML dashboards. While legitimate for its stated memory management purpose, this represents significant system access and potential data exposure.
LOW Accessed But Did Not Modify Canary Files -30 ▶
While sensitive canary files were accessed, they were not modified or exfiltrated, indicating the skill did not attempt to steal credential data despite having accessed the files.
LOW Complex Sub-Agent Instructions -15 ▶
The skill includes detailed instructions for a 'hippocampus agent' that processes memory signals, but these appear to be legitimate instructions for the memory management functionality rather than malicious prompt injection.