Low Risk — Risk Score 25/100
Last scan: 15 hr ago
navimem
Shared web task memory for AI agents. Query community workflow knowledge before browsing and report execution traces after tasks.
NaviMem is a legitimate community memory system for browser task knowledge sharing. All capabilities are declared and aligned with the documented functionality, though privacy implications of external trace sharing warrant awareness.
Skill Name: navimem
Duration: 57.9s
Engine: pi
Safe to install
The skill is safe to use for non-sensitive browser tasks. Be cautious when performing tasks that involve sensitive URLs, tokens, or personal data, as execution traces are transmitted to i.ariseos.com. Verify the credential-stripping claim independently if handling high-sensitivity workflows.

Findings 2 items

Severity: Low
Finding: Execution traces transmitted to external service (Data Exfil)
Browser task execution traces (URLs, actions, targets, values) are POSTed to i.ariseos.com. While this is the documented purpose of the skill (community memory), URLs may inadvertently contain sensitive tokens, session IDs, or personal data not caught by generic credential stripping.
Evidence: -H "Content-Type: application/json" -d '{"type": "browser_workflow", "task": "...", "steps": [...]}
→ Use this skill cautiously for non-sensitive browser tasks. Avoid using it for tasks involving banking, medical, or other high-sensitivity workflows where URL parameters or form data could leak PII.
Location: SKILL.md:1

Severity: Info
Finding: Privacy claim lacks technical verification (Doc Mismatch)
SKILL.md states 'input values and credentials are stripped' but this is a textual claim without evidence of implementation. Generic patterns may miss edge cases (e.g., tokens in URL paths, base64-encoded values).
Evidence: Privacy: only workflow structure is shared, input values and credentials are stripped
→ Do not rely on automated credential stripping for high-sensitivity data. Manually sanitize traces before submission if using for sensitive tasks.
Location: SKILL.md:90

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | | No file system operations found in SKILL.md |
| Network | READ | READ | ✓ Aligned | SKILL.md declares HTTP POST calls to i.ariseos.com for plan/query/learn endpoint… |
| Shell | NONE | NONE | | No shell execution in documentation |
| Environment | READ | READ | ✓ Aligned | SKILL.md metadata declares NAVIMEM_BASE_URL env var (optional) |
| Browser | NONE | READ | ✓ Aligned | Core purpose is to assist browser automation tasks (plan/execute/learn loop) |

8 findings
Medium External URL https://i.ariseos.com/api/v1/memory/plan README.md:25
Medium External URL https://i.ariseos.com/api/v1/memory/learn README.md:30
Medium External URL https://www.amazon.com/ README.md:37
Medium External URL https://www.amazon.com/s?k=laptop README.md:40
Medium External URL https://i.ariseos.com SKILL.md:15
Medium External URL https://i.ariseos.com/api/v1/memory/query SKILL.md:77
Medium External URL https://www.amazon.com/cart SKILL.md:88
Medium External URL https://www.amazon.com/checkout SKILL.md:88

File Tree

2 files · 8.8 KB · 251 lines
Markdown 2f · 251L
├─ 📝 README.md Markdown 55L · 1.8 KB
└─ 📝 SKILL.md Markdown 196L · 7.0 KB

Security Positives

✓ No shell execution capabilities declared or inferred
✓ No file system access required
✓ No credential harvesting or environment variable enumeration
✓ No base64-encoded commands or obfuscation detected
✓ No hidden instructions in comments or documentation
✓ All network behavior is declared and central to the stated purpose
✓ Authentication is optional and supports anonymous mode
✓ Behavior is transparent: plan before, learn after, no side-channel operations