Trust Assessment
chaos-memory received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 3 critical, 1 high, 5 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Sensitive environment variable access: $HOME, Sensitive environment variable access: $GITHUB_REPO.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions systemd service persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/hargabyte/chaos-mind/scripts/setup-service.sh:65 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/hargabyte/chaos-mind/install.sh:268 | |
| CRITICAL | SQL Injection in generated chaos-cli script The `install.sh` script generates a `chaos-cli` wrapper script that is vulnerable to SQL injection. The `sanitize_sql` function only escapes single quotes, which is insufficient to prevent SQL injection. More critically, the `LIMIT` parameter is directly inserted into the SQL query without any sanitization or type checking. This allows an attacker to inject arbitrary SQL commands, including multi-statement commands, by crafting a malicious value for the search query or the limit parameter. This could lead to data exfiltration, modification, or deletion of the local memory database. 1. For the `QUERY` parameter: Implement robust SQL escaping for `LIKE` clauses, or preferably, use parameterized queries if `dolt sql` supports them. Ensure all special characters (e.g., `%`, `_`, `'`) are properly escaped for the context of a `LIKE` clause. 2. For the `LIMIT` parameter: Strictly validate that the input is an integer before constructing the SQL query. For example, use shell parameter expansion like `LIMIT=${2//[^0-9]/}` to strip non-digit characters, or explicitly cast it to an integer within the SQL query if the database system supports it. | LLM | install.sh:111 | |
| HIGH | Persistence mechanism: systemd service Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/hargabyte/chaos-mind/scripts/setup-service.sh:65 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/hargabyte/chaos-mind/install.sh:19 | |
| MEDIUM | Sensitive environment variable access: $GITHUB_REPO Access to sensitive environment variable '$GITHUB_REPO' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/hargabyte/chaos-mind/install.sh:93 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/hargabyte/chaos-mind/install.sh:268 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/hargabyte/chaos-mind/scripts/setup-service.sh:6 | |
| MEDIUM | Sensitive environment variable access: $USER Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/hargabyte/chaos-mind/scripts/setup-service.sh:38 |
Scan History
Embed Code
[](https://skillshield.io/report/2f239ca5e10f9c22)
Powered by SkillShield