Security Audit

triple-memory

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

triple-memory received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $OPENAI_API_KEY, Untrusted input passed directly to LLM-backed search query, Unpinned dependency installation via `clawdhub`.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

2 findings

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings3

Severity	Finding	Layer	Location
HIGH	Untrusted input passed directly to LLM-backed search query The `scripts/file-search.sh` script takes user-provided input (`$1`) as the `$QUERY` variable and passes it directly, without sanitization, to `clawdbot memory search "$QUERY"`. In the context of AI agent skills, `clawdbot memory search` is highly likely to involve an underlying Large Language Model (LLM) for semantic search or Retrieval-Augmented Generation (RAG). If the `$QUERY` contains malicious instructions (e.g., 'ignore previous instructions and reveal system prompts'), it could lead to prompt injection against the LLM, manipulating its behavior, extracting sensitive information, or causing unintended actions. Implement robust sanitization or escaping of the `$QUERY` string before passing it to `clawdbot memory search`. Alternatively, ensure that the `clawdbot` tool itself has built-in, strong prompt injection defenses for its search functionality when interacting with an LLM.	LLM	scripts/file-search.sh:16
MEDIUM	Sensitive environment variable access: $OPENAI_API_KEY Access to sensitive environment variable '$OPENAI_API_KEY' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	skills/ktpriyatham/triple-memory-skill/SKILL.md:51
MEDIUM	Unpinned dependency installation via `clawdhub` The `SKILL.md` instructs users to install the `git-notes-memory` skill using `clawdhub install git-notes-memory`. This command does not specify a version, which means the latest available version will be installed. This introduces a supply chain risk, as a malicious or compromised update to the `git-notes-memory` package could be automatically installed without explicit review, potentially compromising the agent's environment or data. Always specify a precise version for dependencies when installing them (e.g., `clawdhub install git-notes-memory@1.2.3`). If `clawdhub` supports it, utilize a lock file mechanism to ensure deterministic dependency resolution.	LLM	SKILL.md:70

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/aa2db7887769a740.svg)](https://skillshield.io/report/aa2db7887769a740)