Is ConaryLabs/Mira safe to install?

ConaryLabs/Mira was flagged as CRITICAL RISK (risk score 141) with 8 findings detected across 0 files. Review the findings before installing.

What security issues were found in ConaryLabs/Mira?

Sigil detected 8 findings in ConaryLabs/Mira, including patterns related to provenance, install_hooks, code_patterns. See the full scan report for details.

Scans/github/ConaryLabs/Mira

ConaryLabs/Mira

github

Summary

ConaryLabs/Mira v2026-03-01 was classified as CRITICAL RISK with a risk score of 141. Sigil detected 8 findings across 0 files, covering phases including provenance, install hooks, code patterns. Review the findings below before installing this package.

Package description: Local MCP server that gives Claude Code persistent context, code intelligence, and background analysis. Runs on your machine, stored in SQLite.

CRITICAL RISK(141)

v2026-03-01

1 March 2026, 03:18 UTC

by Sigil Bot

Risk Score

141

Findings

Files Scanned

Findings by Phase

•

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

install-makefile-curl

HIGH

repo/CHANGELOG.md:947

  - Hybrid lookup in user_prompt hook: pre-generated first, fallback to templates
- **One-liner install script** - `curl -fsSL https://raw.githubusercontent.com/ConaryLabs/Mira/main/install.sh | bash` auto-detects OS/arch, downloads the binary, and installs the Claude Code plugin.
- **CLAUDE.md template in installer** - Post-install now guides users to set up project instructions.

install-makefile-curl

HIGH

repo/docs/INSTALLATION.md:23

```bash
curl -fsSL https://raw.githubusercontent.com/ConaryLabs/Mira/main/install.sh | bash
```

install-makefile-curl

HIGH

repo/install.sh:6

# Mira installer
# Usage: curl -fsSL https://raw.githubusercontent.com/ConaryLabs/Mira/main/install.sh | bash

install-makefile-curl

HIGH

repo/plugin/README.md:47

```bash
curl -fsSL https://raw.githubusercontent.com/ConaryLabs/Mira/main/install.sh | bash
```

Badge

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/github/ConaryLabs/Mira)](https://sigilsec.ai/scans/0AC7F995-42B8-4AEC-A33B-004722E51CE9)

HTML

<a href="https://sigilsec.ai/scans/0AC7F995-42B8-4AEC-A33B-004722E51CE9"><img src="https://sigilsec.ai/badge/github/ConaryLabs/Mira" alt="Sigil Scan"></a>

Run This Scan Yourself