Trust Assessment
ollama-memory-embeddings received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 23 findings: 16 critical, 2 high, 5 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Network egress to untrusted endpoints, Sensitive environment variable access: $HOME.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings23
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions macOS LaunchAgent/LaunchDaemon persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/watchdog.sh:18 | |
| CRITICAL | Persistence / self-modification instructions macOS LaunchAgent/LaunchDaemon persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/watchdog.sh:174 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/enforce.sh:7 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/enforce.sh:21 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/install.sh:104 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/install.sh:249 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/install.sh:374 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/install.sh:433 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/verify.sh:21 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/verify.sh:93 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/verify.sh:169 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/watchdog.sh:9 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vidarbrekke/ollama-memory-embeddings/watchdog.sh:43 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/vidarbrekke/ollama-memory-embeddings/verify.sh:156 | |
| CRITICAL | Unsanitized user input in shell command (CONFIG_PATH) The `CONFIG_PATH` variable, which can be controlled by the user via the `--openclaw-config` argument or `OPENCLAW_CONFIG_PATH` environment variable, is used directly in several shell commands without proper sanitization or quoting. This allows for command injection by crafting `CONFIG_PATH` to include shell metacharacters (e.g., `$(evil_command)` or `; rm -rf /; #`). An attacker could execute arbitrary commands with the privileges of the script. Validate `CONFIG_PATH` to ensure it contains only safe file path characters. Alternatively, use `printf %q` to properly quote the variable when used in shell commands, e.g., `mkdir -p "$(dirname "$(printf %q "$CONFIG_PATH")")"`. | LLM | enforce.sh:69 | |
| CRITICAL | Unsanitized user input in shell command (IMPORT_MODEL_NAME) In `install.sh`, the `IMPORT_MODEL_NAME` variable, which can be controlled by the user via the `--import-model-name` argument, is used directly in the `ollama create` command. This allows for command injection by crafting `IMPORT_MODEL_NAME` to include shell metacharacters (e.g., `my_model; rm -rf /; #`). An attacker could execute arbitrary commands with the privileges of the script. Validate `IMPORT_MODEL_NAME` to ensure it contains only characters allowed for Ollama model names. Alternatively, use `printf %q` to properly quote the variable when used in shell commands, e.g., `ollama create "$(printf %q "${IMPORT_MODEL_NAME}")" -f "${MOD_FILE}"`. | LLM | install.sh:364 | |
| HIGH | Persistence mechanism: macOS LaunchAgent Detected macOS LaunchAgent pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/vidarbrekke/ollama-memory-embeddings/watchdog.sh:18 | |
| HIGH | Persistence mechanism: macOS LaunchAgent Detected macOS LaunchAgent pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/vidarbrekke/ollama-memory-embeddings/watchdog.sh:174 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/vidarbrekke/ollama-memory-embeddings/enforce.sh:8 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/vidarbrekke/ollama-memory-embeddings/install.sh:7 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/vidarbrekke/ollama-memory-embeddings/verify.sh:8 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/vidarbrekke/ollama-memory-embeddings/watchdog.sh:7 | |
| MEDIUM | Server-Side Request Forgery (SSRF) via unsanitized BASE_URL In `verify.sh`, the `BASE_URL` variable, which can be controlled by the user via the `--base-url` argument, is used in a `curl` command to make an HTTP POST request. While the `normalize_base_url` function modifies the URL, it does not restrict the scheme or hostname. An attacker could provide an internal network address (e.g., `http://192.168.1.1/`) or a `file://` URL. This could lead to Server-Side Request Forgery (SSRF), allowing the attacker to probe or interact with internal services or local files that the script has access to. Implement strict validation for `BASE_URL` to ensure it only uses allowed schemes (e.g., `http`, `https`) and potentially restrict hostnames to known safe external endpoints or prevent internal IP ranges. Disallow `file://` and other potentially dangerous schemes. | LLM | verify.sh:120 |
Scan History
Embed Code
[](https://skillshield.io/report/c10ea30d5f1d06e9)
Powered by SkillShield