Trust Assessment
cognitive-memory received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 3 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Shell scripts vulnerable to command injection via workspace path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Shell scripts vulnerable to command injection via workspace path The `init_memory.sh` and `upgrade_to_1.0.x.sh` scripts accept a workspace path as their first argument (`$1`). This argument is directly used in various shell commands (e.g., `mkdir`, `cd`, `cp`, `git`) to construct file paths and change directories. If an attacker can control the value of `$1`, they could inject arbitrary shell commands, leading to arbitrary code execution on the host system. For example, passing a path like `'/tmp/my_workspace; rm -rf /'` or `'/tmp/my_workspace && malicious_command'` could execute unintended commands. While variable expansion is quoted (`"$WORKSPACE"`), this prevents word splitting but not command substitution or arbitrary command execution if the input itself is a command or contains command separators. Implement robust input validation for the `$1` argument to ensure it is a safe, non-malicious directory path. This should include checking for special shell characters, command separators (like `;`, `&`, `|`), and command substitutions (`$()`, `` ` ``). Consider using `realpath` to resolve the path and then strictly validating its components. If possible, avoid directly embedding user-controlled input into shell commands without proper escaping or using safer execution methods (e.g., `subprocess.run` with `shell=False` in Python, or `execvp` in C/Rust). | LLM | scripts/init_memory.sh:7 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/icemilo414/cognitive-memory/scripts/upgrade_to_1.0.6.sh:8 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/icemilo414/cognitive-memory/scripts/upgrade_to_1.0.7.sh:8 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/icemilo414/cognitive-memory/upgrade_to_1.0.7.sh:8 |
Scan History
Embed Code
[](https://skillshield.io/report/a2856103f410c89b)
Powered by SkillShield