Trust Assessment
amygdala-memory received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 16 findings: 2 critical, 2 high, 11 medium, and 1 low severity. Key findings include jq filter injection via the `--dimension` argument, path traversal via the `AGENT_ID` environment variable, and access to the sensitive environment variable `$HOME`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 8/100; it is the layer that produced both CRITICAL findings, both HIGH findings and the LOW finding, while all eleven MEDIUM findings come from the Static layer.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (16)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | jq filter injection via `--dimension` argument. The `get-state.sh` script builds its `jq` filter by splicing the `--dimension` argument directly into the filter string, so the argument is parsed as jq program text rather than used as a key name, and an attacker can inject arbitrary `jq` expressions. No released version of jq has a `system()` builtin, so the injected filter cannot run shell commands by itself; what it can do is emit `$ENV` (the complete environment of the process, including any credentials it carries), return attacker-chosen JSON in place of the requested value, or loop forever. Validate `$DIMENSION` against an explicit allowlist of dimension names, and pass it to jq as a variable (`jq --arg dim "$DIMENSION" '.[$dim]'`) instead of interpolating it into the filter; a jq variable is treated as data and can never alter the program. | LLM | scripts/get-state.sh:30 |
| CRITICAL | jq filter injection via `--dimension` argument. The `update-state.sh` script builds its `jq` filters by splicing the `--dimension` argument directly into the filter string, so an attacker can inject arbitrary `jq` expressions. Because this script writes jq's output back to the state file, an injected expression can rewrite the whole state document, not just the targeted dimension, and can also expose `$ENV` or hang the script (jq has no `system()` builtin, so direct shell command execution is not available through this path). Validate `$DIMENSION` against an explicit allowlist of dimension names, and pass both the name and the new value to jq as variables (`--arg`) rather than interpolating them into the filter. | LLM | scripts/update-state.sh:50 |
| HIGH | Path traversal via `AGENT_ID` environment variable. The `preprocess-emotions.sh` script constructs the `TRANSCRIPT_DIR` path from the `AGENT_ID` environment variable, which is under the caller's control. Setting `AGENT_ID` to a value containing traversal sequences (e.g., `../`, `../../etc`) makes the script read files from directories outside the intended skill workspace, which can leak sensitive files. Reject any `AGENT_ID` that is not a single token of `[A-Za-z0-9_-]` (no `/`, no `..`), or check it against an allowlist of known agent IDs, before it is used as a path component. | LLM | scripts/preprocess-emotions.sh:12 |
| HIGH | Arbitrary file write via `--output` argument. The `sync-state.sh` script writes the generated markdown to whatever path the `--output` argument names. An attacker who controls that argument can point it at sensitive user or system files (e.g., `~/.bashrc`, or `/etc/passwd` if the script runs with sufficient privileges) and overwrite them, leading to privilege escalation (a shell rc file runs at the next login), denial of service, or other compromise. Restrict `--output` to `$WORKSPACE` or a designated subdirectory: resolve the path (symlinks included) and require the result to lie under the allowed directory, rejecting `..` components and absolute paths outside it. | LLM | scripts/sync-state.sh:10 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/impkind/amygdala-memory/install.sh:7 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/impkind/amygdala-memory/scripts/decay-emotion.sh:9 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/impkind/amygdala-memory/scripts/encode-pipeline.sh:16 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/impkind/amygdala-memory/scripts/generate-dashboard.sh:7 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/impkind/amygdala-memory/scripts/get-state.sh:7 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/impkind/amygdala-memory/scripts/load-emotion.sh:7 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/impkind/amygdala-memory/scripts/preprocess-emotions.sh:11 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/impkind/amygdala-memory/scripts/sync-state.sh:7 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/impkind/amygdala-memory/scripts/update-state.sh:10 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/impkind/amygdala-memory/scripts/update-watermark.sh:10 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/impkind/amygdala-memory/scripts/visualize.sh:8 |
| LOW | Malformed JSON due to insufficient escaping of user input. The `log-event.sh` script assembles a JSON string by hand from user-provided key-value pairs. It escapes double quotes in values, but not backslashes or control characters (e.g., newline, tab) in values, and it escapes neither double quotes nor backslashes in keys. The result is that some inputs produce malformed lines in `brain-events.jsonl`, which downstream parsers will reject or misinterpret, corrupting the event log or stopping processing. Build the object with a tool that performs the escaping, e.g. `jq -n --arg key "$k" --arg value "$v" '{($key): $value}'` or Python's `json` module, so every special character in keys and values is encoded correctly. | LLM | scripts/log-event.sh:26 |
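The two CRITICAL jq findings and the LOW log-event.sh finding are the same mistake in two forms: caller-controlled text spliced into jq program text, and caller-controlled text spliced into a JSON literal. The script below is an added illustration written for this page, not code from the amygdala-memory skill or from SkillShield; the function names, the dimension allowlist and the state-file layout are assumptions. It goes one step beyond the table by showing the payload that actually demonstrates the injection (a `$ENV` dump) next to the hardened lookup, the hardened update, and a jq-based replacement for the hand-built JSON.

```shell
#!/bin/sh
# Added illustration for the two CRITICAL jq findings and the LOW log-event.sh finding.
# Not code from the amygdala-memory skill: function names, the state-file layout and
# the dimension allowlist are assumptions made for this example.
set -eu

# Assumed allowlist of dimension names the state file may contain.
ALLOWED_DIMENSIONS="joy fear anger sadness trust"

# VULNERABLE, the shape the report describes for get-state.sh: the argument is spliced
# into the jq program text, so jq parses it as code. A "dimension" of
#     joy, $ENV
# turns the program into `.joy, $ENV`, which prints the real value and then every
# environment variable of the process; `joy | repeat(.)` never terminates.
get_dimension_vulnerable() {   # STATE_FILE DIMENSION
    jq -r ".$2" "$1"
}

# validate_dimension NAME -> 0 only if NAME is exactly one allowlisted token.
validate_dimension() {
    for d in $ALLOWED_DIMENSIONS; do
        [ "$1" = "$d" ] && return 0
    done
    return 1
}

# HARDENED: the name is checked against the allowlist and then handed to jq as a
# variable ($dim). jq treats a variable as data, never as program text, so even an
# unvalidated name could not change the filter; the allowlist additionally limits
# which keys a caller may read at all.
get_dimension() {   # STATE_FILE DIMENSION
    validate_dimension "$2" || { printf 'invalid dimension: %s\n' "$2" >&2; return 1; }
    jq -r --arg dim "$2" '.[$dim]' "$1"
}

# The update-state.sh counterpart: name and value both travel as jq variables, and the
# rewritten document replaces the state file only if jq succeeded.
set_dimension() {   # STATE_FILE DIMENSION VALUE
    validate_dimension "$2" || { printf 'invalid dimension: %s\n' "$2" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if jq --arg dim "$2" --arg val "$3" '.[$dim] = ($val | tonumber)' "$1" > "$tmp"; then
        mv "$tmp" "$1"
    else
        rm -f "$tmp"; return 1
    fi
}

# json_event KEY VALUE [KEY VALUE ...] -> one JSON object on a single line, ready to
# append to brain-events.jsonl. jq escapes quotes, backslashes and control characters
# in keys and values alike; nothing is hand-quoted, which is the defect the LOW finding
# describes in log-event.sh.
json_event() {
    jq -cn '$ARGS.positional
            | [range(0; length; 2) as $i | {key: .[$i], value: .[$i + 1]}]
            | from_entries' --args "$@"
}

# Demo on a constructed state file; skipped when jq is not installed.
if command -v jq >/dev/null 2>&1; then
    state=$(mktemp)
    printf '{"joy": 0.7, "fear": 0.1}\n' > "$state"
    get_dimension "$state" joy                    # prints 0.7
    get_dimension "$state" 'joy, $ENV' || true    # rejected before jq runs
    set_dimension "$state" fear 0.5
    json_event source 'she said "hi" \ bye' note 'line one
line two'                                         # valid JSON, one line
    rm -f "$state"
fi
```

The allowlist check and the `--arg` variable are independent defences: the variable alone already closes the injection, and the allowlist prevents a caller from reading or writing keys the skill never intended to expose. `$ARGS.positional` needs jq 1.6 or later.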
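The two HIGH findings are both path-containment problems: an identifier that becomes a directory component (`AGENT_ID`) and a file path accepted from the caller (`--output`). The following added example, written for this page and not taken from the skill, shows one portable way to handle each: a character-class check for the identifier, and a canonicalising containment check for the output path that resolves symlinked parent directories before comparing against the workspace. The workspace layout and function names are assumptions.

```shell
#!/bin/sh
# Added illustration for the two HIGH findings (AGENT_ID path traversal in
# preprocess-emotions.sh and the unrestricted --output path in sync-state.sh).
# Not the skill's own code: the workspace layout and function names are assumptions.
set -eu
unset CDPATH   # a CDPATH hit would make `cd` print to stdout and corrupt the captured path

# valid_identifier VALUE -> 0 only for a non-empty token of [A-Za-z0-9_-].
# '/', '..', whitespace and control bytes all fail the character-class test, so a
# value such as ../../etc can never become a directory component.
valid_identifier() {
    case "$1" in
        '' | *[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# transcript_dir WORKSPACE AGENT_ID -> prints the agent's transcript directory or fails.
# The hardened form of building $TRANSCRIPT_DIR from $AGENT_ID.
transcript_dir() {
    valid_identifier "$2" || { printf 'invalid AGENT_ID: %s\n' "$2" >&2; return 1; }
    printf '%s/%s/transcripts\n' "$1" "$2"
}

# contained_path BASE FILE -> prints the canonical absolute path for FILE when its
# parent directory resolves (symlinks included) to BASE or somewhere below BASE;
# returns 1 otherwise. A relative FILE is taken relative to BASE, not to the cwd.
# The parent must already exist, which is acceptable for a write target. The last
# component is deliberately not resolved: a symlink planted at FILE itself is caught
# by the caller (see write_markdown), not here.
contained_path() {
    base=$(cd -- "$1" 2>/dev/null && pwd -P) || return 1
    [ "$base" = / ] && base=''            # keep the "$base"/* pattern valid for /
    case "$2" in /*) file=$2 ;; *) file=$1/$2 ;; esac
    dir=$(dirname "$file")
    name=$(basename "$file")
    case "$name" in '' | . | ..) return 1 ;; esac
    absdir=$(cd -- "$dir" 2>/dev/null && pwd -P) || return 1
    case "$absdir/" in
        "$base"/*) printf '%s/%s\n' "$absdir" "$name" ;;
        *) return 1 ;;
    esac
}

# write_markdown WORKSPACE OUTPUT CONTENT -> the sync-state.sh --output handling with
# the containment check in front of the write. Prints the path actually written.
# Note the remaining race: the symlink test and the write are two separate syscalls.
write_markdown() {
    target=$(contained_path "$1" "$2") \
        || { printf 'refusing --output outside workspace: %s\n' "$2" >&2; return 1; }
    if [ -L "$target" ]; then
        printf 'refusing to follow symlink: %s\n' "$target" >&2; return 1
    fi
    printf '%s\n' "$3" > "$target"
    printf '%s\n' "$target"
}

# Demo on a constructed workspace.
ws=$(mktemp -d)
mkdir -p "$ws/reports"
transcript_dir "$ws" agent-42                         # accepted
transcript_dir "$ws" '../../etc' || true              # rejected
write_markdown "$ws" reports/state.md '# state'       # written under the workspace
write_markdown "$ws" ../escape.md '# state' || true   # rejected: resolves above BASE
write_markdown "$ws" /etc/passwd '# state' || true    # rejected: absolute path outside BASE
rm -rf "$ws"
```

Comparing resolved directories rather than the literal strings is what defeats both `..` sequences and a symlink inside the workspace that points outside it; string-level filtering of `..` alone misses the symlink case.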
[Full SkillShield report](https://skillshield.io/report/8b1f2af5bebb9fde)
Powered by SkillShield