Security Audit
MemTensor/MemOS:apps/memos-local-openclaw/skill/memos-memory-guide
github.com/MemTensor/MemOS
Trust Assessment
MemTensor/MemOS:apps/memos-local-openclaw/skill/memos-memory-guide received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Skill has permissions to install and publish other skills" and "Skill has permissions to write and share public/team memories".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 30, 2026 (commit 27c9e719). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill has permissions to install and publish other skills.** The `memos-memory-guide` skill is granted access to `skill_install` and `skill_publish` tools. While these are intended functionalities for managing skills within the MemOS ecosystem, they represent a significant security risk. A compromised agent using this skill could be coerced (e.g., via prompt injection) into installing malicious skills from external sources or publishing malicious skills to the local agent workspace or team hub. This capability allows the skill to directly influence the supply chain of other skills, potentially leading to widespread compromise within the MemOS ecosystem. Review if the `memos-memory-guide` skill truly requires the ability to `skill_install` and `skill_publish`. If its primary purpose is memory guidance, these skill management capabilities might be overly broad. Consider separating skill management into a dedicated, more restricted skill, or implementing stricter authorization/confirmation mechanisms for these actions (e.g., requiring human approval for skill installation/publication). | LLM | SKILL.md:109 |
| MEDIUM | **Skill has permissions to write and share public/team memories.** The `memos-memory-guide` skill is granted access to `memory_write_public` and `memory_share` tools. These tools allow the agent to create new memories visible to all local agents or share existing memories with local agents or the team hub. While intended for collaboration, a compromised agent could be coerced (e.g., via prompt injection) into writing or sharing sensitive information it has access to (e.g., from its own context or retrieved via `memory_get` or `task_summary`) to a broader audience. This could lead to unintended data exposure or internal data exfiltration within the MemOS ecosystem. Review if the `memos-memory-guide` skill requires these broad sharing capabilities. Implement stricter controls or agent-side confirmation for sharing sensitive data, especially to the team hub. Ensure that agents are properly isolated and that sensitive data is not inadvertently exposed to agents that might misuse these tools. | LLM | SKILL.md:55 |