Security Audit

neutron-agent-memory

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

neutron-agent-memory received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 6 findings: 5 critical, 0 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via unsanitized user input in 'save' command, Command Injection via unsanitized user input in 'search' command.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

Behavioral Risk Signals

Network Access

5 findings

Filesystem Write

1 finding

Shell Execution

6 findings

Dynamic Code

5 findings

Excessive Permissions

1 finding

Security Findings6

Severity	Finding	Layer	Location
CRITICAL	Command Injection via unsanitized user input in 'save' command The `save` command in `scripts/neutron-memory.sh` directly interpolates user-provided arguments (`$2` for text, `$3` for title) into a `curl -F` command without proper sanitization or escaping. An attacker can inject arbitrary shell commands by including special characters (e.g., backticks, semicolons, or command substitutions like `$()`) in the `text` or `title` arguments, leading to remote code execution on the host system. Sanitize or properly escape user input before embedding it into shell commands. For `curl -F` arguments, ensure that the values are correctly quoted and any special characters are escaped. Consider using a safer method for constructing the payload, such as writing to a temporary file and using `@filename` with `curl`, or using a tool like `jq` to safely construct JSON parts of the payload.	LLM	scripts/neutron-memory.sh:70
CRITICAL	Command Injection via unsanitized user input in 'search' command The `search` command in `scripts/neutron-memory.sh` directly interpolates the user-provided `query` argument (`$2`) into a JSON payload for a `curl -d` command. An attacker can inject arbitrary shell commands by including special characters (e.g., backticks, semicolons, or command substitutions like `$()`) or by breaking out of the JSON string with double quotes, leading to remote code execution on the host system. Sanitize or properly escape user input before embedding it into shell commands or JSON payloads. For JSON payloads, use a tool like `jq` to safely construct the JSON object, e.g., `jq -n --arg query "$query" --argjson limit "$limit" --argjson threshold "$threshold" '{"query": $query, "limit": $limit, "threshold": $threshold}'`.	LLM	scripts/neutron-memory.sh:83
CRITICAL	Command Injection via unsanitized user input in 'context-create' command The `context-create` command in `scripts/neutron-memory.sh` directly interpolates multiple user-provided arguments (`$2` for agent_id, `$3` for memory_type, `$4` for data, `$5` for metadata) into a JSON payload for a `curl -d` command. An attacker can inject arbitrary shell commands by including special characters or malformed JSON in these arguments, leading to remote code execution on the host system. Sanitize or properly escape user input before embedding it into shell commands or JSON payloads. For JSON payloads, use a tool like `jq` to safely construct the JSON object, ensuring that string values are quoted and JSON objects (`data`, `metadata`) are parsed and re-serialized safely, or validated before inclusion.	LLM	scripts/neutron-memory.sh:100
CRITICAL	Command Injection via unsanitized user input in 'context-list' command The `context-list` command in `scripts/neutron-memory.sh` directly interpolates the user-provided `agent_id` argument (`$2`) into the URL query string. An attacker can inject arbitrary shell commands by including special characters (e.g., backticks, semicolons, or command substitutions like `$()`) in the `agent_id`, leading to remote code execution on the host system. Additionally, URL manipulation is possible. Sanitize or properly URL-encode user input before embedding it into URL query strings. Use a function to safely encode the `agent_id` value before appending it to the `extra` variable.	LLM	scripts/neutron-memory.sh:109
CRITICAL	Command Injection via unsanitized user input in 'context-get' command The `context-get` command in `scripts/neutron-memory.sh` directly interpolates the user-provided `context_id` argument (`$2`) into the URL path. An attacker can inject arbitrary shell commands by including special characters (e.g., backticks, semicolons, or command substitutions like `$()`) in the `context_id`, leading to remote code execution on the host system. Additionally, URL path traversal or manipulation is possible. Sanitize or properly URL-encode user input before embedding it into URL paths. Ensure that the `context_id` is validated to prevent path traversal or command injection.	LLM	scripts/neutron-memory.sh:119
MEDIUM	Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	skills/naeemmaliki036/neutron-agent-memory/scripts/neutron-memory.sh:5

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/899c2b7682fc4d2c.svg)](https://skillshield.io/report/899c2b7682fc4d2c)