Skill Trust Decision
long-term-memory
Undeclared billing system with hardcoded API key found in payment.py; SKILL.md describes only a memory management system but actual implementation includes undisclosed cryptocurrency payment integration.
Most direct threat evidence
01
User installs skill believing it is a memory manager initialization · SKILL.md
02
payment.py is imported, loading hardcoded API key into memory Execution · payment.py
03
HTTP requests sent to skillpay.me with API key in headers on every skill invocation Impact · payment.py
Why this conclusion was reached
3/4 dimensions flagged Block
Declared vs actual capability
1 undeclared or violating capabilities were inferred.
Block
Hidden execution and egress
1 high-risk artifacts or egress signals were extracted.
Block
Attack chain and severe findings
The report includes 3 attack-chain steps and 2 severe findings.
Review
Dependencies and supply chain hygiene
1 dependency or supply-chain issues need attention.
Attack Chain
01
User installs skill believing it is a memory manager
initialization · SKILL.md:1
02
payment.py is imported, loading hardcoded API key into memory
Execution · payment.py:12
03
HTTP requests sent to skillpay.me with API key in headers on every skill invocation
Impact · payment.py:51
What drove the risk score up
Hardcoded API key +25
BILLING_API_KEY hardcoded in payment.py:12 without environment variable fallback
Undeclared network access +20
SKILL.md does not mention HTTP requests to skillpay.me or payment integration
Most important evidence
High
Hardcoded API Key in Source Code
BILLING_API_KEY is hardcoded directly in payment.py line 12. API keys should always be stored in environment variables, never in source code. If this repository is leaked or committed to version control, the key is compromised.
payment.py:12 Use os.environ.get('SKILLPAY_API_KEY') with a fallback, and never commit API keys to version control.
High
Undeclared External Network Requests
The skill makes HTTP requests to skillpay.me for payment processing but this is not declared anywhere in SKILL.md. Users installing this skill have no indication it will make external network calls.
payment.py:51 Document all network access in SKILL.md capabilities section.
Medium
Doc-to-Code Mismatch
SKILL.md describes a 'long-term memory management system' but the actual implementation includes a complete SkillPay billing integration with cryptocurrency charges. This hidden functionality was not disclosed.
SKILL.md:1 SKILL.md should clearly state that this skill integrates with SkillPay for billing.
Declared capability vs actual capability
Filesystem Pass
Declared NONE
→ Inferred WRITE
memory_store.py:39-40 creates directories Network Block
Declared NONE
→ Inferred READ
payment.py:51-58 makes HTTP POST to skillpay.me Shell Pass
Declared NONE
→ Inferred NONE
No shell execution found Suspicious artifacts and egress
High API Key
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" payment.py:12
Medium External URL
https://skillpay.me payment.py:11
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| python-dateutil | >=2.8.0 | pip | No | Version constraint present |
| requests | * | pip | No | Version not pinned - imported in payment.py for HTTP calls |
File composition
8 files · 1397 lines
Python 4 files · 1066 linesMarkdown 2 files · 301 linesJSON 1 files · 19 linesText 1 files · 11 lines
Files of concern · 2
payment.py Hardcoded API Key in Source Code · Undeclared External Network Requests · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
SKILL.md Doc-to-Code Mismatch
Other files · memory_search.py · memory_compressor.py · memory_store.py · memory-taxonomy.md · _meta.json · requirements.txt
Security positives
No malicious patterns detected (no base64/eval/reverse shell)
No access to sensitive paths like ~/.ssh or ~/.aws
No credential harvesting beyond the hardcoded billing key
Memory storage is limited to specified workspace directory