Trust Assessment
session-memory received a trust score of 37/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 0 critical, 5 high, 4 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Unsanitized user input in DATE variable leads to command injection, Unsanitized user input in QUERY variable leads to command injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsanitized user input in DATE variable leads to command injection The `daily.sh` script uses the first argument (`$1`) directly in the `DATE` variable assignment: `DATE="${1:-$(date -u +%Y-%m-%d)}"`. If `$1` contains shell metacharacters like `$(command)` or backticks, the command will be executed by the shell. For example, providing `$(rm -rf /)` as the date argument would execute the `rm` command. Sanitize or validate the `DATE` input to ensure it conforms to the `YYYY-MM-DD` format and does not contain shell metacharacters. A safer approach would be to parse the date components using `date -d "$1" +%Y` which also validates the date format, or use `printf %q` for shell-safe quoting if the variable is to be used in a command. | LLM | scripts/daily.sh:5 | |
| HIGH | Unsanitized user input in QUERY variable leads to command injection The `recall.sh` script uses the first argument (`$1`) directly as the search query for `grep`: `grep -r -i -h "$QUERY" ...`. If `$QUERY` contains shell metacharacters (e.g., `$(command)`, ``command``, `;`, `|`, `&`), an attacker can inject and execute arbitrary shell commands. For instance, a query like `foo; rm -rf /` would execute the `rm` command. Escape or sanitize the `$QUERY` variable before passing it to `grep`. For `grep`, using `grep -F` (fixed strings) can prevent interpretation of regex metacharacters, but not shell metacharacters if the string is passed unquoted. The best approach is to ensure the input is properly quoted for the shell or use a safer method for searching that doesn't involve direct shell command construction with user input. | LLM | scripts/recall.sh:7 | |
| HIGH | Unsanitized user input in CONTENT variable leads to command injection The `save.sh` script uses the `CONTENT` variable, derived directly from user input (`$2`), in an `echo` command that is then piped to `sed` and `tr`: `echo "$CONTENT" | sed 's/\\/\\\\/g; s/"/\\"/g' | tr '\n' ' '`. If `$CONTENT` contains shell metacharacters like `$(command)` or backticks, the command will be executed by the shell before its output is piped. For example, providing `hello $(rm -rf /)` as content would execute the `rm` command. Sanitize or validate the `CONTENT` input to ensure it does not contain shell metacharacters. When passing user input to `echo` for piping, consider using `printf %s` or `printf %q` for safer handling. | LLM | scripts/save.sh:23 | |
| HIGH | Unsanitized user input in TAGS variable leads to command injection The `save.sh` script uses the `TAGS` variable, derived directly from user input (`$*`), in an `echo` command that is then piped to `tr` and `sed`: `echo "$TAGS" | tr ' ' '\n' | ...`. If `$TAGS` contains shell metacharacters like `$(command)` or backticks, the command will be executed by the shell before its output is piped. For example, providing `tag1 tag2 $(rm -rf /)` as tags would execute the `rm` command. Sanitize or validate the `TAGS` input to ensure it does not contain shell metacharacters. When passing user input to `echo` for piping, consider using `printf %s` or `printf %q` for safer handling, or use `jq` to construct JSON arrays from individual, properly escaped arguments. | LLM | scripts/save.sh:20 | |
| HIGH | Unescaped user input in TOPIC variable leads to JSON injection The `save.sh` script constructs a JSON string by directly embedding the `TOPIC` variable (`$TOPIC`) without proper JSON escaping: `"topic":"$TOPIC"`. An attacker can provide a `TOPIC` value like `foo", "malicious_key": "malicious_value` to inject arbitrary key-value pairs into the JSON memory entry, corrupting the data structure or potentially leading to unexpected behavior in downstream JSON parsers. Ensure all user-provided strings embedded directly into JSON are properly escaped. For shell scripts, this typically involves using `jq` or a similar tool to construct JSON safely, or implementing robust escaping for double quotes and backslashes within the shell script itself, similar to how `CONTENT_ESC` is handled. | LLM | scripts/save.sh:26 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/swaylq/session-memory/scripts/daily.sh:6 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/swaylq/session-memory/scripts/recall.sh:8 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/swaylq/session-memory/scripts/save.sh:12 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/swaylq/session-memory/scripts/topics.sh:5 |
Scan History
Embed Code
[](https://skillshield.io/report/3ed83fa32ef5f35e)
Powered by SkillShield