codebase-memory-mcp-intelligence

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Yes — the bundle instructs running raw install scripts (raw.githubusercontent URLs and GitHub releases from an unverified account) via curl|bash and a PowerShell installer, which are high‑risk vectors for malware distribution even if some domains (ara.so, localhost) look benign.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Install commands fetch and execute remote install scripts (e.g., curl -fsSL https://raw.githubusercontent.com/DeusData/codebase-memory-mcp/main/install.sh | bash and Invoke-WebRequest https://raw.githubusercontent.com/DeusData/codebase-memory-mcp/main/install.ps1 then .\install.ps1), which clearly execute remote code during installation and are required to obtain/run the MCP, so they present a high-risk runtime external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt includes commands that modify system state (curl|bash installer, installing/uninstalling binaries, and explicit sudo instructions to append to /etc/sysctl.conf and run sysctl), which can require elevated privileges and alter the host system.