Trust Assessment
continuity received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 3 high, 0 medium, and 0 low severity. Key findings include Arbitrary file read via `--session` argument, Arbitrary file write via `--output` argument, Arbitrary directory deletion via `CONTINUITY_MEMORY_DIR` environment variable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary directory deletion via `CONTINUITY_MEMORY_DIR` environment variable The `MEMORY_DIR` variable, which determines where memory files are stored, can be controlled by the `CONTINUITY_MEMORY_DIR` environment variable. The `continuity reset` command then uses `shutil.rmtree(MEMORY_DIR)` to delete this directory. If a malicious actor sets `CONTINUITY_MEMORY_DIR` to a critical system directory (e.g., `/`, `/etc`, `/usr`), executing `continuity reset` would lead to catastrophic data loss or system instability. Do not allow `MEMORY_DIR` to be fully controlled by an environment variable without strict validation. If an environment variable is used, ensure the path is always a subdirectory of a safe, user-specific location (e.g., `Path.home() / 'clawd' / 'memory' / 'custom_dir'`). Alternatively, remove the ability to configure `MEMORY_DIR` via environment variables or implement a whitelist of allowed directories. | LLM | scripts/continuity.py:340 | |
| HIGH | Arbitrary file read via `--session` argument The `continuity reflect` command accepts a `--session` argument which specifies a path to a session transcript file. The script reads the content of this file directly using `open(args.session)`. A malicious actor could provide a path to any file on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) to exfiltrate its contents. Restrict the `--session` argument to a specific, sandboxed directory, or validate the path to ensure it's within an allowed scope. Implement strict path sanitization to prevent directory traversal. | LLM | scripts/continuity.py:160 | |
| HIGH | Arbitrary file write via `--output` argument The `continuity export` command accepts an `--output` argument which specifies a path to write the exported memory data. The script writes to this file directly using `open(args.output, 'w')`. A malicious actor could provide a path to any file on the system (e.g., `/etc/hosts`, `/tmp/important_config.json`) to overwrite its contents or create new files in arbitrary locations. Restrict the `--output` argument to a specific, sandboxed directory, or validate the path to ensure it's within an allowed scope. Implement strict path sanitization to prevent directory traversal. | LLM | scripts/continuity.py:300 | |
| HIGH | Arbitrary file read via `--input` argument The `continuity import` command accepts an `--input` argument which specifies a path to a file containing memory data to import. The script reads the content of this file directly using `open(args.input)`. A malicious actor could provide a path to any file on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) to read its contents into the skill's memory, potentially leading to data exfiltration if the memory is later exported or processed. Restrict the `--input` argument to a specific, sandboxed directory, or validate the path to ensure it's within an allowed scope. Implement strict path sanitization to prevent directory traversal. | LLM | scripts/continuity.py:315 |
Scan History
Embed Code
[](https://skillshield.io/report/19dc5a744d0d1c02)
Powered by SkillShield