Trust Assessment
memory-baidu-embedding-db received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 2 medium, and 1 low severity. Key findings include "Missing required field: name", "Node lockfile missing", and "Command Injection via User-Provided Path in Restore Function".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via User-Provided Path in Restore Function.** The `memory_maintenance.sh` script's 'restore' action directly uses a user-provided argument (`$2`) as a path in `cp -r "$BACKUP_PATH/memory" /root/clawd/` and `cp "$BACKUP_PATH/MEMORY.md" /root/clawd/`. A malicious user could craft `$2` to include shell metacharacters, leading to arbitrary command execution. For example, `$2` could be `$(rm -rf /)` or a path containing a command substitution, allowing the attacker to execute commands with the privileges of the script. Sanitize or validate the `$BACKUP_PATH` variable to ensure it only contains valid path characters and does not allow shell metacharacters. Alternatively, use a safer method for file operations that does not involve direct shell expansion of user input, or restrict the source of the backup path to trusted locations only. | LLM | memory_maintenance.sh:40 |
| HIGH | **Excessive Permissions: Arbitrary File Copy to Sensitive Directory.** The `memory_maintenance.sh` script's 'restore' function allows copying files from an arbitrary user-specified backup path (`$BACKUP_PATH`) into the `/root/clawd/` directory. This grants excessive permissions, as a malicious actor could use this to overwrite critical system files within `/root/clawd/` (e.g., other skill files, configuration files, or even shell scripts) with their own malicious versions, leading to persistent compromise or privilege escalation. Restrict the `restore` function to only accept backup paths from a predefined, trusted location. Implement strict validation on the backup path to prevent directory traversal or arbitrary file placement. Consider using a dedicated restore mechanism that verifies file integrity and origin. | LLM | memory_maintenance.sh:40 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/xqicxx/memory-baidu-embedding-db/SKILL.md:1 |
| MEDIUM | **Hardcoded Local Skill Dependency (Supply Chain Risk).** The Python files `memory_baidu_embedding_db.py`, `test_error_handling.py`, and `test_system.py` use `sys.path.append('/root/clawd/skills/baidu-vector-db/')` to import modules from another skill. This creates a hardcoded, unversioned dependency on a local skill. If the `baidu-vector-db` skill is compromised, replaced with a malicious version, or incorrectly configured, this skill will load and execute the untrusted code without any integrity checks, posing a supply chain risk within the local skill ecosystem. Implement a more robust dependency management system for local skills. This could involve: 1) Using a skill manifest to declare dependencies and their expected versions/hashes. 2) Loading skills through a central, secure skill loader that verifies integrity. 3) Avoiding hardcoded absolute paths for skill imports. | LLM | memory_baidu_embedding_db.py:17 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/xqicxx/memory-baidu-embedding-db/package.json |