Skills
skills/aradotso/ai-agent-skills/agentmemory-persistent-memory/Gen Agent Trust Hub

agentmemory-persistent-memory

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of the @agentmemory/agentmemory package from the npm registry using npm install and npx. This is an unverifiable third-party package not included in the trusted vendor list.
  • [COMMAND_EXECUTION]: The agentmemory connect commands modify sensitive configuration files in user directories, such as ~/.claude-code/plugins/agentmemory.json and ~/Library/Application Support/Cursor/. This behavior allows the skill to inject its own code or server settings into other applications.
  • [COMMAND_EXECUTION]: The instructions include the use of npx -y @agentmemory/agentmemory@latest, which allows for the immediate execution of remote code without pinning a specific version or performing integrity checks.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 06:51 PM
Security Audit — agent-trust-hub — agentmemory-persistent-memory