Trust Assessment
memory-manager received a trust score of 13/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 0 critical, 3 high, 7 medium, and 1 low severity. Key findings include "Sensitive environment variable access: $HOME", "Node lockfile missing", and "Path Traversal in categorize.sh".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 51/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Path Traversal in categorize.sh.** The `categorize.sh` script constructs destination file paths using the user-controlled `$NAME` variable without proper sanitization. An attacker could use path traversal sequences (e.g., `../`) in the `$NAME` argument to write files to arbitrary locations outside the intended `MEMORY_DIR` when using `mv`, `echo >>`, or `cat >>` commands. Sanitize the `$NAME` variable to prevent path traversal. Ensure it only contains valid filename characters and does not include directory separators or `..`. A common approach is to use `basename` or a regex to validate/clean the input. | LLM | categorize.sh:40 |
| HIGH | **Command Injection via Unquoted Variables in organize.sh.** The `organize.sh` script iterates over a list of files (`$FLAT_FILES`) using an unquoted `for` loop (`for file in $FLAT_FILES; do`). If any filename returned by `find` contains spaces or shell metacharacters, the shell will perform word splitting, treating parts of the filename as separate arguments. This can lead to unexpected behavior or command injection when `$file` is subsequently used unquoted in `mv` and `cp` commands. Modify the loop to safely handle filenames with spaces or special characters. Use `find ... -print0 \| while IFS= read -r -d '' file; do ... done` or `find ... -exec ... {} +` to process files securely. Additionally, always quote variables when they expand to file paths or user input in shell commands (e.g., `mv "$file" ...`). | LLM | organize.sh:30 |
| HIGH | **Command Injection via Unquoted Variables in snapshot.sh.** The `snapshot.sh` script iterates over lists of files (`$recent_episodic`, `semantic_files`, `procedural_files`) using unquoted `for` loops. If any filename contains spaces or shell metacharacters, the shell will perform word splitting. This can lead to unexpected behavior or command injection when `$file` is subsequently used unquoted in `tail` and `head` commands, potentially allowing an attacker to execute arbitrary commands by crafting malicious filenames. Modify the loops to safely handle filenames with spaces or special characters. Use `find ... -print0 \| while IFS= read -r -d '' file; do ... done` or `find ... -exec ... {} +` to process files securely. Additionally, always quote variables when they expand to file paths or user input in shell commands (e.g., `tail -n 30 "$file"`). This issue appears multiple times in the script. | LLM | snapshot.sh:30 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/marmikcfc/memory-manager/categorize.sh:4 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/marmikcfc/memory-manager/detect.sh:4 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/marmikcfc/memory-manager/init.sh:4 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/marmikcfc/memory-manager/organize.sh:4 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/marmikcfc/memory-manager/search.sh:4 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/marmikcfc/memory-manager/snapshot.sh:4 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/marmikcfc/memory-manager/stats.sh:4 |
| LOW | **Node lockfile missing.** `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/marmikcfc/memory-manager/package.json |
Full report: https://skillshield.io/report/70d51c37c0c157bf