Trust Assessment
agent-memory-kit received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 5 critical, 0 high, 2 medium, and 0 low severity. Key findings include "Missing required field: name", "Sensitive environment variable access: $HOME", and "Command Injection via unsanitized date arguments".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via unsanitized date arguments.** The `relative_to_date` function directly interpolates user-controlled input (`$relative`, `$days`, `$months`) into `date -d` commands without proper sanitization. An attacker could inject shell metacharacters (e.g., `;`, `\|`, `&`, `$(...)`) into these arguments to execute arbitrary commands. Sanitize or quote user-provided input before using it in shell commands. For `date -d`, ensure the input is a valid date format or use `printf %q` to properly quote the variable if it must contain arbitrary strings. Prefer using `date -f` with a format string if possible, or a safer date parsing utility. | LLM | lib/search.sh:68 |
| CRITICAL | **Command Injection via unsanitized grep arguments.** The `matches_frontmatter` function directly interpolates user-controlled input (`$filter_tags`, `$filter_project`, `$filter_agent`) into `grep` commands. An attacker could inject shell metacharacters or malicious regex patterns to execute arbitrary commands or cause denial of service. Sanitize or quote user-provided input before using it in shell commands. For `grep`, use `grep -F` to treat the pattern as a fixed string, and ensure the variable is properly quoted (e.g., `grep -qF -- "$tag"`). This prevents regex injection and shell metacharacter expansion. | LLM | lib/search.sh:100 |
| CRITICAL | **Command Injection via unsanitized grep arguments in calculate_score.** The `calculate_score` function directly interpolates user-controlled input (`$filter_tags`, `$query`) into `grep` commands. An attacker could inject shell metacharacters or malicious regex patterns to execute arbitrary commands or cause denial of service. Sanitize or quote user-provided input before using it in shell commands. For `grep`, use `grep -F` to treat the pattern as a fixed string, and ensure the variable is properly quoted (e.g., `grep -qF -- "#$tag"`). This prevents regex injection and shell metacharacter expansion. | LLM | lib/search.sh:127 |
| CRITICAL | **Command Injection via unsanitized date arguments in calculate_score.** The `calculate_score` function directly interpolates a calculated date into a `date -d` command without proper sanitization. While the date is derived internally, the pattern of using `date -d "... days ago"` is vulnerable if the input to `relative_to_date` (which feeds into this logic) were malicious. Ensure all inputs to date commands are strictly validated or properly quoted. For `date -d`, prefer using a fixed format or a safer date parsing utility. The `date -v` (BSD) is safer, but the fallback `date -d` (GNU) is vulnerable. | LLM | lib/search.sh:142 |
| CRITICAL | **Command Injection via unsanitized query in search_memory.** The `search_memory` function directly interpolates the user-controlled `$query` variable into `grep -E` commands. An attacker can inject shell metacharacters (e.g., `;`, `\|`, `&`, `$(...)`) or malicious extended regular expressions to execute arbitrary commands or cause denial of service. Sanitize or quote user-provided input before using it in shell commands. For `grep`, if extended regex is not strictly required, use `grep -F` to treat the pattern as a fixed string. Always quote the variable (e.g., `grep -E -- "$query"`). If extended regex is needed, consider using a safer language or library for regex matching that doesn't involve shell execution, or implement strict input validation. | LLM | lib/search.sh:180 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/ryancampbell/agent-memory-kit/SKILL.md:1 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/ryancampbell/agent-memory-kit/lib/search.sh:6 |
Full report: https://skillshield.io/report/6a43f6ca30e9df49