Trust Assessment
memorybox received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Skill instructs installation of external executable with root privileges" and "Unpinned external repository dependency".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Skill instructs installation of external executable with root privileges: The skill's installation instructions include `sudo ln -sf "$(pwd)/bin/memorybox" /usr/local/bin/memorybox`. This command requires root privileges to place an executable from an unverified external GitHub repository into a system-wide executable path. This grants the `memorybox` script global execution rights and could lead to system compromise if the external repository is malicious or compromised. An AI agent following these instructions would execute arbitrary commands with elevated privileges. Avoid instructing users or agents to install external executables with `sudo` into system paths. If system-wide installation is necessary, provide clear warnings and alternative, more secure installation methods (e.g., user-local installation, containerization, or platform-managed package installation). Ensure any external dependencies are thoroughly vetted. | LLM | SKILL.md:19 |
| HIGH | Unpinned external repository dependency: The skill instructs `git clone https://github.com/Ramsbaby/openclaw-memorybox.git` without specifying a commit hash or version tag. This means that future installations will pull the latest version of the repository's default branch. If the upstream repository is compromised or malicious changes are introduced, subsequent installations could unknowingly pull and execute compromised code, posing a significant supply chain risk. Pin external dependencies to a specific commit hash or version tag (e.g., `git clone -b <tag> ...`; `-b` accepts a branch or tag name, so pinning to a commit hash requires checking out that commit after cloning). This ensures deterministic installations and prevents unexpected changes from upstream. Consider vendoring critical dependencies or using a package manager with lock files for better control over the supply chain. | LLM | SKILL.md:17 |