Trust Assessment
better-memory received a trust score of 57/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned npm dependency version, Arbitrary Data Directory Allows Data Exfiltration and Excessive Permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/dvntydigital/better-memory/lib/context-guardian.test.js:151 | |
| HIGH | Arbitrary Data Directory Allows Data Exfiltration and Excessive Permissions The skill's CLI (`scripts/cli.js`) and core library (`lib/index.js`, `lib/memory-store.js`, `lib/context-monitor.js`) allow users to specify an arbitrary `dataDir` via the `--data-dir` command-line flag or constructor options. This directory is then used to store sensitive agent data, including `memories.db` (containing all agent memories, identity, and metadata) and `current-session.json` (containing current conversation messages). If an attacker can control this `dataDir` to point to a sensitive or publicly accessible location (e.g., a web server's document root, a shared network drive, or a directory that is regularly backed up and exfiltrated), they can cause the agent's entire memory and session data to be written to that location, leading to data exfiltration. The skill also creates this directory if it doesn't exist, demonstrating excessive write permissions to arbitrary filesystem locations. Sanitize the `dataDir` option to ensure it is always a subdirectory of a secure, skill-specific location (e.g., `~/.clawdbot/skills/better-memory/data`) or `os.homedir()`, preventing arbitrary path specification. Alternatively, restrict the `dataDir` option to only allow relative paths within the skill's installation directory. | LLM | scripts/cli.js:34 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/dvntydigital/better-memory/lib/compressor.js:5 | |
| MEDIUM | Unpinned npm dependency version Dependency '@xenova/transformers' is not pinned to an exact version ('^2.17.2'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/dvntydigital/better-memory/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/dd4f4d4ceaee291f)
Powered by SkillShield