Trust Assessment
triple-memory-baidu-embedding received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Sensitive environment variable access: $HOME", "Python Code Injection via Unsanitized Shell Arguments", and "Python Code Injection via Unsanitized Shell Arguments (Propagated)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Python Code Injection via Unsanitized Shell Arguments.** User-controlled shell arguments (`$TEXT`, `$QUERY`) are directly interpolated into Python string literals within `python3 -c "..."` commands. An attacker can craft these inputs to break out of the string literal and inject arbitrary Python code, leading to remote code execution. Use proper argument passing to Python scripts (e.g., `sys.argv` or environment variables) instead of direct string interpolation. If direct interpolation is unavoidable, strictly sanitize or escape user input to prevent breaking out of string literals. For Python, `shlex.quote` can be used on the shell side, or `json.dumps` on the Python side if the data is JSON. | LLM | scripts/baidu-memory-tools.sh:26 |
| CRITICAL | **Python Code Injection via Unsanitized Shell Arguments (Propagated).** User-controlled shell arguments (`$TEXT`, `$TAGS`, `$IMPORTANCE`) are directly interpolated into Python string literals within `python3 -c "..."` commands in `triple-integration.sh`. This is a direct vulnerability, similar to `baidu-memory-tools.sh`, allowing arbitrary Python code execution. Use proper argument passing to Python scripts (e.g., `sys.argv` or environment variables) instead of direct string interpolation. If direct interpolation is unavoidable, strictly sanitize or escape user input to prevent breaking out of string literals. For Python, `shlex.quote` can be used on the shell side, or `json.dumps` on the Python side if the data is JSON. | LLM | scripts/triple-integration.sh:50 |
| HIGH | **Arbitrary File Sourcing via Uncontrolled WORKSPACE Variable.** The script `baidu-memory-tools.sh` sources a `.env` file from the `$WORKSPACE` directory. While `$WORKSPACE` defaults to the skill's directory, it can be overridden by an environment variable. If an attacker can control the `WORKSPACE` environment variable (e.g., by setting it to `/tmp` or another writable location) and can write a malicious `.env` file to that location, they can achieve arbitrary code execution or exfiltrate sensitive environment variables by including commands like `export MALICIOUS_VAR=$(cat /etc/passwd)` in the `.env` file. Avoid sourcing files from user-controlled paths. If configuration must be loaded from a dynamic path, ensure the path is strictly validated and sanitized, or use a more secure configuration loading mechanism that does not execute arbitrary shell commands. Consider using a fixed, non-writable path for `.env` files or explicitly disallow `WORKSPACE` override for this operation. | LLM | scripts/baidu-memory-tools.sh:9 |
| HIGH | **Execution of Unmanaged External Script.** The `triple-integration.sh` script attempts to execute `hierarchical_memory_search.sh` using `bash "$SKILL_DIR/hierarchical_memory_search.sh" "$QUERY"`. This script (`hierarchical_memory_search.sh`) is not provided within the skill package context. This constitutes an unmanaged external dependency. If this script is missing, malicious, or compromised, it poses a significant supply chain risk, potentially leading to arbitrary code execution or data exfiltration. Include all necessary scripts within the skill package. If an external script is truly required, document it clearly as a dependency and provide instructions for its secure acquisition and verification. Implement integrity checks (e.g., checksums) for external scripts before execution. | LLM | scripts/triple-integration.sh:100 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/xqicxx/triple-memory-baidu-embedding/install.sh:8 |