Trust Assessment
memory-maintenance received a trust score of 52/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 0 high, 3 medium, and 0 low severity. Key findings include "Sensitive environment variable access: $HOME", "Sensitive environment variable access: $USER", and "Prompt Injection leading to Arbitrary File Manipulation/Exfiltration".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Prompt Injection leading to Arbitrary File Manipulation/Exfiltration.** The `scripts/review.sh` script constructs the LLM prompt by concatenating potentially user-controlled content from daily notes (`memory/YYYY-MM-DD.md`), `MEMORY.md`, and `USER.md`. This creates a Prompt Injection vulnerability, allowing an attacker to manipulate the LLM's output. The LLM is instructed to generate `maintenance_suggestions` which include a `target` field for file paths. The `scripts/apply.sh` script then directly uses this `target` field in `mv` commands (e.g., `mv "$WORKSPACE/$TARGET" ...`) without sanitization. A successful prompt injection could cause the LLM to generate a malicious `target` path (e.g., `../../../../etc/passwd` or `../../../../.ssh/id_rsa`), leading to arbitrary file movement, deletion, or exfiltration outside the intended `memory/` directory. This affects both `--safe` and `--all` modes of `apply.sh`. 1. **Input Sanitization:** Implement strict validation and sanitization of all user-controlled content (daily notes, `MEMORY.md`, `USER.md`) before it is included in the LLM prompt in `scripts/review.sh`. 2. **Output Validation:** In `scripts/apply.sh`, rigorously validate the `target` field received from the LLM's JSON output. Ensure that `target` paths are strictly confined to the intended `memory/` directory and do not contain path traversal sequences (e.g., `../`). A robust approach would be to resolve the path and check if it's a child of the `WORKSPACE/memory` directory. 3. **Principle of Least Privilege:** Re-evaluate if the LLM needs to suggest arbitrary file paths. If possible, restrict the LLM's suggestions to file IDs or relative paths within a controlled subdirectory, and have the script map these to full, validated paths. | LLM | scripts/apply.sh:99 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/maxlauriehutchinson/memory-maintenance/scripts/install.sh:6 |
| MEDIUM | **Sensitive environment variable access: $USER.** Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/maxlauriehutchinson/memory-maintenance/scripts/review.sh:101 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/maxlauriehutchinson/memory-maintenance/scripts/status.sh:4 |
| INFO | **Inconsistent Workspace Path Definition.** The `WORKSPACE` variable is hardcoded to `"/Users/maxhutchinson/.openclaw/workspace"` in `scripts/apply.sh`, `scripts/cleanup.sh`, and `scripts/review.sh`. In contrast, `scripts/install.sh` correctly uses `"${OPENCLAW_WORKSPACE:-$HOME/.openclaw/workspace}"`, which allows for environment variable override. This inconsistency can lead to scripts operating on the wrong directory if `OPENCLAW_WORKSPACE` is set differently or if the user's workspace is not at the hardcoded path, potentially causing data loss or unexpected file placement. Standardize the `WORKSPACE` variable definition across all scripts to use `"${OPENCLAW_WORKSPACE:-$HOME/.openclaw/workspace}"` or a similar dynamic approach to ensure flexibility and correct operation in various environments. | LLM | scripts/apply.sh:6 |