Skill Trust Decision

Memphis Cognitive Engine

Name: Memphis Cognitive Engine Trust Review Report
Item: Memphis Cognitive Engine
Rating: 45
Author: ClawSafe

声称是元数据包但文档包含远程脚本执行命令，存在供应链攻击风险

Install decision first Source: ClawHub Scanned: Apr 9, 2026

Files 5

Artifacts 5

Violations 3

Findings 4

Most direct threat evidence

用户阅读 SKILL.md 误解为安全文档 Entry · SKILL.md

执行远程脚本 curl ... | bash 安装 Memphis CLI Escalation · SKILL.md

恶意代码以用户权限执行，完成持久化或数据窃取 Impact · install.sh

Why this conclusion was reached

3/4 dimensions flagged

Block

Declared vs actual capability

3 undeclared or violating capabilities were inferred.

Block

Hidden execution and egress

2 high-risk artifacts or egress signals were extracted.

Block

Attack chain and severe findings

The report includes 3 attack-chain steps and 2 severe findings.

Review

Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

用户阅读 SKILL.md 误解为安全文档

Entry · SKILL.md:1

执行远程脚本 curl ... | bash 安装 Memphis CLI

Escalation · SKILL.md:64

恶意代码以用户权限执行，完成持久化或数据窃取

Impact · install.sh:N/A

What drove the risk score up

远程脚本执行 +30

从 raw.githubusercontent.com/elathoxu-crypto/memphis/main/install.sh 管道执行 bash

供应链攻击向量 +15

声称文档但包含安装命令，攻击者可篡改仓库植入恶意代码

文档-行为不一致 +10

声称META-PACKAGE但指导执行远程脚本

Most important evidence

High Supply Chain

远程脚本执行 - Memphis安装

文档指导用户从 raw.githubusercontent.com/elathoxu-crypto/memphis/main/install.sh 下载并直接管道执行 bash，这是典型的供应链攻击向量

SKILL.md:64

使用官方包管理器安装，勿直接执行远程脚本

High Supply Chain

远程脚本执行 - Ollama安装

从 ollama.com/install.sh 下载并以 sh 执行，攻击者可控制脚本内容

README.md:430

使用包管理器安装 Ollama，避免管道执行远程脚本

Medium Doc Mismatch

元数据包声明与实际行为不符

SKILL.md 声称'META-PACKAGE (documentation only)'，但文档包含完整的远程安装命令，用户执行后将安装并执行第三方代码

SKILL.md:12

分离文档与安装逻辑，明确告知用户安装风险

Low Sensitive Access

克隆仓库到用户home目录

git clone 到 ~/memphis，后续代码将以用户权限运行

SKILL.md:69

考虑使用更隔离的安装路径

Declared capability vs actual capability

Shell Block

Declared NONE

→

Inferred WRITE

SKILL.md:64-65, QUICKSTART.md:13

Filesystem Block

Declared NONE

→

Inferred WRITE

install.sh将在~目录安装文件

Network Block

Declared NONE

→

Inferred READ

从外部URL下载安装脚本

Suspicious artifacts and egress

Critical Dangerous Command

curl -fsSL https://raw.githubusercontent.com/elathoxu-crypto/memphis/main/install.sh | bash

QUICKSTART.md:13

Critical Dangerous Command

curl -fsSL https://ollama.com/install.sh | sh

README.md:430

Medium External URL

https://ollama.com/install.sh

README.md:430

Medium External URL

https://discord.gg/clawd

README.md:496

Medium External URL

https://clawhub.com/skill/memphis-cognitive

README.md:529

Dependencies and supply chain

There are no structured dependency warnings.

File composition

5 files · 1167 lines

Markdown 3 files · 1145 linesShell 1 files · 17 linesJSON 1 files · 5 lines

Files of concern · 3

README.md Markdown · 536 lines

远程脚本执行 - Ollama安装 · curl -fsSL https://ollama.com/install.sh | sh · https://ollama.com/install.sh · https://discord.gg/clawd · https://clawhub.com/skill/memphis-cognitive

SKILL.md Markdown · 536 lines

远程脚本执行 - Memphis安装 · 元数据包声明与实际行为不符 · 克隆仓库到用户home目录

QUICKSTART.md Markdown · 73 lines

curl -fsSL https://raw.githubusercontent.com/elathoxu-crypto/memphis/main/install.sh | bash

Other files · memphis-wrapper.sh · _meta.json

Security positives

Wrapper脚本(memphis-wrapper.sh)逻辑清晰，无恶意代码

声称是开源项目(MIT)，可审查代码

支持多种安装方式(非强制使用远程脚本)

无直接凭证收割或数据外泄行为