Is jameseball/enhanced-memory safe?

https://github.com/openclaw/skills/tree/main/skills/jameseball/enhanced-memory

94
SAFE

This is a legitimate memory search enhancement tool that improves search capabilities through hybrid vector/keyword matching and requires a local Ollama installation. The code consists of clean Python scripts that perform only local operations; no malicious behavior was detected.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Automatic processing of core workspace files -10

The skill automatically indexes core workspace files (MEMORY.md, AGENTS.md, USER.md, SOUL.md, research.md), which may contain sensitive user data. While this is intended functionality for a memory search tool, users should be aware that these files will be processed and embedded.

LOW External dependency requirement -5

The skill requires Ollama to be installed and running locally on port 11434. While Ollama is a legitimate tool, this adds an external dependency that expands the attack surface.

LOW Broad file access scope -10

The skill reads from multiple directories and file types across the workspace, including memory files and core configuration files. This is consistent with its stated purpose but represents significant data access.