Trust Assessment
agentmemory received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unverified Skill Download Source.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unverified Skill Download Source The skill documentation instructs users to download the `SKILL.md` file directly from `https://agentmemory.cloud/skill.md` using `curl`. While `agentmemory.cloud` is the service provider, relying on an external domain for skill installation introduces a supply chain risk. If `agentmemory.cloud` were compromised, a malicious `SKILL.md` could be served to users, potentially leading to prompt injection or other attacks on the agent once the compromised skill is installed. The skill is currently provided from `github.com/openclaw/skills`, but the local installation instructions point to an external, unverified source. Recommend hosting the skill package directly within the trusted skill repository (e.g., `openclaw/skills`) or providing a cryptographic hash (e.g., SHA256) for users to verify the downloaded file's integrity. Alternatively, remove the local installation instruction if the skill is primarily consumed via URL from the trusted repository. | LLM | SKILL.md:38 |
Scan History
Embed Code
[](https://skillshield.io/report/0a55bebc50bb791b)
Powered by SkillShield