Trust Assessment
memoclaw received a trust score of 50/100, placing it in the Caution category. The findings below should be reviewed before the skill is deployed.
SkillShield's automated analysis identified 5 findings: 1 critical, 3 high, 1 medium, and 0 low severity. Key findings include "Dangerous tool allowed: exec", "Command Injection via 'exec' with untrusted input", and "Exposure of sensitive private key via environment variable".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest, at 33/100.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command injection via `exec` with untrusted input.** The skill declares the `exec` permission in its manifest and documents CLI usage (`memoclaw store`, `memoclaw recall`). If the agent builds these command strings from untrusted input, an attacker can break out of the intended argument with shell metacharacters (e.g., `'; rm -rf /'`) and run arbitrary commands on the host running the agent. Never construct shell command strings by concatenating untrusted input; pass arguments as a fixed argv array with no shell, validate them against the expected shape, and prefer a programmatic API client for `memoclaw` over shelling out. | LLM | SKILL.md:70 |
| HIGH | **Dangerous tool allowed: `exec`.** The skill allows the `exec` tool without constraints, which grants arbitrary command execution. Remove unconstrained shell/exec tools from the allowed tools, or constrain them to specific commands. | Static | skills/anajuliabit/memoclaw/SKILL.md:1 |
| HIGH | **Exposure of sensitive private key via environment variable.** The skill requires the `MEMOCLAW_PRIVATE_KEY` environment variable, a private key used for x402 payments. Because the same process holds `exec` permission, a successful command injection can read the key from the agent's environment and exfiltrate it, with financial loss or unauthorized access as the consequence. Do not keep long-lived private keys in environment variables visible to a process that can run shell commands; if unavoidable, isolate that process and restrict access strictly, and prefer a secrets vault or a mechanism that issues short-lived, scoped credentials. | LLM | SKILL.md:20 |
| HIGH | **Excessive `exec` permission declared.** The skill declares the `exec` permission in its manifest. This may be intended for its CLI-based operation, but it grants the ability to execute arbitrary shell commands, broadens the attack surface considerably, and turns any command injection into full compromise. Re-evaluate whether `exec` is strictly necessary. If `memoclaw` offers a programmatic API (a library or direct HTTP calls), prefer it over shelling out. If `exec` is unavoidable, make every call with a fixed command and fixed argument positions, and validate any user-provided value before it is passed through. | LLM | Manifest |
| MEDIUM | **Unpinned dependencies in setup instructions.** The setup instructions run `npm install -g memoclaw` and `npx @x402/cli pay` without exact versions, so whichever version is latest at install time is fetched. A compromised maintainer account or a malicious release would therefore be installed automatically: a supply chain risk. Pin to exact versions (e.g., `npm install -g memoclaw@1.0.1`) for reproducible installs, audit and update dependencies deliberately, and advise users to verify package integrity before installing. | LLM | SKILL.md:77 |
Full report: https://skillshield.io/report/1e0e614ad2705484