Trust Assessment
memdata received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. The key findings are that the skill requires direct wallet access and transaction signing, enables ingestion of arbitrary data to an external service, and requires handling of a sensitive UCAN delegation token.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Skill requires direct wallet access and transaction signing.** The skill's core authentication and payment mechanism (x402 protocol) explicitly requires the agent to have direct access to a cryptocurrency wallet and the ability to sign transactions. This grants the agent high-privilege financial control, posing a critical risk if the agent is compromised or misdirected, potentially leading to unauthorized spending or financial loss. Implement robust authorization and spending limits for the agent's wallet. Consider using a dedicated, limited-fund wallet for agent operations. Ensure explicit user confirmation for all transactions initiated by the agent. | LLM | SKILL.md:29 |
| HIGH | **Skill enables ingestion of arbitrary data to external service.** The `POST /ingest` endpoint allows the agent to send arbitrary `content` to the external `memdata.ai` service for storage. If the agent is granted access to sensitive local files, environment variables, or other confidential data, a malicious instruction or a bug could lead to this data being exfiltrated and stored on the third-party service, potentially without explicit user consent. Implement strict input validation and content filtering for data sent to the `/ingest` endpoint. Restrict the agent's access to sensitive local data. Require explicit user confirmation before ingesting data identified as potentially sensitive. | LLM | SKILL.md:100 |
| HIGH | **Skill requires handling of sensitive UCAN delegation token.** The `POST /setup-encryption` endpoint requires the agent to provide a `base64-encoded UCAN delegation`. This UCAN (User-Controlled Authorization Network) token is a sensitive authorization credential that grants specific permissions, potentially including access to encrypted memories. Improper handling, storage, or transmission of this token could lead to unauthorized access to the agent's private data. Ensure secure storage and transmission of UCAN delegation tokens. Implement strict access controls for the agent's ability to generate or provide these tokens. Consider short-lived UCANs or mechanisms for revocation. | LLM | SKILL.md:168 |