中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 15/100
Last scan:23 hr ago Rescan
15 /100
memory-hybrid-stack
Hybrid memory stack management skill for Postgres, Redis, and Qdrant databases
This is a legitimate memory stack management skill with straightforward database wrapper scripts that connect only to localhost. No malicious patterns detected, though SQL/command injection is theoretically possible if users provide unsanitized input.
Skill Namememory-hybrid-stack
Duration38.9s
Enginepi
Safe to install
The skill is safe for use but should not be granted arbitrary SQL execution capabilities. Validate and sanitize any user-provided SQL/Redis commands before passing to scripts.

Findings 3 items

Severity Finding Location
Low
Potential SQL injection via facts_sql.sh RCE
The script passes all arguments directly to psql without sanitization. If the AI agent can control the SQL string, malicious queries could be executed.
SQL="$*"
printf '%s\n' "$SQL" | "${PSQL[@]}"
→ Consider implementing query validation or using parameterized queries if possible.
 scripts/facts_sql.sh:29
Low
Potential command injection via state_kv.sh RCE
Redis keys and values are passed directly to redis-cli without escaping. Malicious key names could potentially cause issues.
"${CLI[@]}" GET "$key"
→ Validate key names before passing to redis-cli.
 scripts/state_kv.sh:55
Low
Redis password visible in process arguments Credential Theft
When a Redis password is configured, it is passed via -a flag to redis-cli, making it visible in process listings.
CLI+=(-a "$REDIS_PASSWORD")
→ Use REDISCLI_AUTH environment variable instead for better security.
 scripts/state_kv.sh:27
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned Scripts read .env file via source; file paths are controlled and documented
Network READ READ ✓ Aligned All scripts connect only to localhost (Postgres, Redis, Qdrant)
Shell WRITE WRITE ✓ Aligned SKILL.md declares shell execution for running database scripts
Environment READ READ ✓ Aligned Scripts source .env file; credentials stay local
Skill Invoke NONE NONE No cross-skill invocation detected
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser access
Database WRITE WRITE ✓ Aligned SQL, Redis, and Qdrant operations documented and scoped to localhost

File Tree

5 files · 10.7 KB · 349 lines
Markdown 2f · 206L Shell 3f · 143L
├─ 📁 references
│ └─ 📝 connection-map.md Markdown 71L · 1.9 KB
├─ 📁 scripts
│ ├─ 🔧 facts_sql.sh Shell 34L · 837 B
│ ├─ 🔧 qdrant_request.sh Shell 44L · 1017 B
│ └─ 🔧 state_kv.sh Shell 65L · 1.2 KB
└─ 📝 SKILL.md Markdown 135L · 5.8 KB

Security Positives

✓ All network connections are localhost-only (no external IP communication)
✓ No base64 encoding or obfuscation detected
✓ No credential exfiltration or data theft patterns
✓ No reverse shell or C2 communication
✓ Documentation accurately describes the scripts' behavior
✓ Scripts use set -euo pipefail for safe bash practices
✓ Credentials are only used locally for database authentication