Trust Assessment
agentmem received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential Data Exfiltration via Local File Upload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Potential Data Exfiltration via Local File Upload: The skill's documentation provides an example command that reads the content of a local file (e.g., `memory/*.md`) and sends it to the external `https://api.agentmem.io` endpoint. While this is presented as the intended functionality for 'memory sync,' it constitutes a pattern of exfiltrating local data to a third-party service. An AI agent executing this example would transmit the content of its local memory files to AgentMem. Ensure users are fully aware that local files will be transmitted to a third-party service. Implement explicit user consent mechanisms before executing such commands. Consider sanitizing or redacting sensitive information from local files before transmission, or provide clear guidance on what kind of data should be stored in these files. | LLM | SKILL.md:182 |