Scan Report
15 /100
nexo-brain
Cognitive memory system for AI agents — Atkinson-Shiffrin memory model, semantic RAG, trust scoring, and metacognitive error prevention
NEXO Brain is a well-documented cognitive memory skill with no embedded code, only a metadata file that describes installing a legitimate npm package and configuring an MCP server.
Safe to install
This skill is safe as delivered. However, verify the npm package 'nexo-brain' integrity before installation, as the skill defers execution to an external package. No local security risks from the SKILL.md file itself.
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | External npm package dependency (Supply Chain) | SKILL.md:11 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in SKILL.md |
| Network | NONE | NONE | — | No network calls in skill file; only documentation URLs |
| Shell | NONE | NONE | — | No shell commands in SKILL.md |
| Environment | NONE | NONE | — | No environment access |
| Skill Invoke | NONE | NONE | — | No inter-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | Skill references SQLite usage but only in documentation |
1 findings
Medium External URL
https://www.npmjs.com/package/nexo-brain SKILL.md:101
File Tree
1 files · 3.5 KB · 101 lines
Markdown 1f · 101L
└─ SKILL.md (Markdown)
Security Positives
✓ No embedded code or scripts in the skill file
✓ Complete documentation of intended functionality
✓ No credential harvesting or environment variable access
✓ No network calls or data exfiltration channels
✓ No obfuscation or base64-encoded content
✓ Clear separation between skill metadata and actual implementation