codebase-memory-mcp-intelligence
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions in 'SKILL.md' use 'curl' to download a shell script from 'https://raw.githubusercontent.com/DeusData/codebase-memory-mcp/main/install.sh' and pipe it directly to 'bash'. This pattern allows for the execution of remote code without manual review or verification.
- [COMMAND_EXECUTION]: The skill contains instructions to execute sensitive system commands, including using 'sudo' to modify kernel parameters ('fs.inotify.max_user_watches') and running scripts downloaded via 'Invoke-WebRequest' on Windows.
- [EXTERNAL_DOWNLOADS]: The setup process requires downloading scripts and binary releases from the 'DeusData' GitHub organization, which is not an identified trusted source for this vendor. The installer also automatically modifies the configuration files of various AI agents to register the MCP server.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/DeusData/codebase-memory-mcp/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata