kratos-memory

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill tells the agent to proactively save arbitrary user-provided text by embedding it verbatim into CLI commands (e.g., kratos-memory save "") and to export memories as JSON, so any secrets the agent sees would be output or passed through commands despite only a non-mandatory "scan" recommendation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). This skill explicitly instructs running "npx kratos-memory@latest" (which fetches and executes the kratos-memory package from the npm registry at https://registry.npmjs.org/), so remote code would be fetched/executed at runtime and its returned memory summaries directly influence the agent's prompts/instructions.