Trust Assessment
smart-memory received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions / Path Traversal in memory_get.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive Permissions / Path Traversal in memory_get The `memory_get` tool accepts a `path` parameter to retrieve content from a file. If the underlying implementation does not strictly validate and sanitize this path, an attacker could use directory traversal sequences (e.g., `../../`) or absolute paths to read arbitrary files outside the intended memory directory. This could lead to unauthorized access to sensitive system files, configuration files, or other data, resulting in data exfiltration or system compromise. Implement robust path validation and sanitization within the `memory_get` function. Restrict file access to a predefined, secure directory (e.g., the `MEMORY_DIR` environment variable's value) and prevent any form of directory traversal. Ensure that only files explicitly intended to be part of the skill's memory can be accessed. | LLM | SKILL.md:171 |
Scan History
Embed Code
[](https://skillshield.io/report/8bcff553fa862edb)
Powered by SkillShield