Trust Assessment
memory-system-v2 received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via unsanitized 'tags' argument, Command Injection via unsanitized 'days' argument in date command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via unsanitized 'tags' argument The `capture_memory` function constructs a JSON entry where the `tags` field is processed by `jq` via a shell pipeline: `$(echo "$tags" | jq ...)`. The `$tags` variable is directly taken from user input (CLI argument `--tags`) without sanitization. An attacker can inject shell metacharacters (e.g., `"; rm -rf /"`) into the `--tags` argument, leading to arbitrary command execution on the host system. Sanitize the `$tags` variable to escape shell metacharacters before passing it to `echo`, or preferably, pass the raw tags string directly to `jq` as an `--arg` and let `jq` handle the splitting and mapping, ensuring proper JSON escaping and preventing shell injection. | LLM | memory-cli.sh:80 | |
| CRITICAL | Command Injection via unsanitized 'days' argument in date command The `recent_memory` function uses the `$days` argument directly within a `date` command (`date -v-${days}d ...` or `date -u -d "$days days ago" ...`). The `$days` variable is taken from user input (CLI argument for `recent` command) without sanitization. An attacker can inject shell metacharacters (e.g., `5d; rm -rf /`) into the `days` argument, leading to arbitrary command execution on the host system. This vulnerability is also indirectly present in the `consolidate_weekly` function which calls `recent_memory`. Validate and sanitize the `$days` variable to ensure it contains only numeric characters or a safe date format before passing it to the `date` command. Alternatively, use a safer method to calculate the cutoff date that does not involve direct shell interpolation of user input. | LLM | memory-cli.sh:120 | |
| HIGH | Unescaped user input in JSON string construction leads to data corruption The `capture_memory` function directly embeds user-controlled `$content` and `$context` variables into a JSON string (`memory_entry`) without proper shell-level JSON escaping. If these variables contain unescaped double quotes (`"`) or backslashes (`\`), they can break the JSON structure, leading to malformed `memory-index.json` entries. While `jq --argjson` is used to pass the entire `$memory_entry` string, if `$memory_entry` itself is not valid JSON due to these unescaped characters, `jq` will fail to parse it, resulting in data corruption or denial of service. This could also lead to unexpected behavior if the malformed data is later processed by an LLM. Before embedding `$content` and `$context` into the `memory_entry` string, escape any double quotes and backslashes within them. A robust way is to pass these variables directly to `jq` as `--arg` arguments when constructing the JSON, letting `jq` handle the proper JSON string escaping. For example, construct the JSON directly with `jq` using `--arg` for each string field instead of building the entire JSON string in bash. | LLM | memory-cli.sh:72 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/kellyclaudeai/memory-system-v2/memory-cli.sh:4 |
Scan History
Embed Code
[](https://skillshield.io/report/2f0bc5ed71d5c19f)
Powered by SkillShield