Security Audit
AgriciDaniel/claude-seo:seo
github.com/AgriciDaniel/claude-seoTrust Assessment
AgriciDaniel/claude-seo:seo received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include Dangerous tool allowed: Bash, Broad tool permissions enable high-risk operations, Risk of Command Injection due to Bash access and user-controlled input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 22, 2026 (commit 323e105a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Dangerous tool allowed: Bash The skill allows the 'Bash' tool without constraints. This grants arbitrary command execution. Remove unconstrained shell/exec tools from allowed-tools, or add specific command constraints. | Static | seo/SKILL.md:1 | |
| HIGH | Broad tool permissions enable high-risk operations The skill requests a broad set of powerful tools including `Bash`, `Read`, `Grep`, `Glob`, and `WebFetch`. While some of these might be necessary for comprehensive SEO analysis, the combination of arbitrary command execution (`Bash`), extensive filesystem access (`Read`, `Grep`, `Glob`), and external network capabilities (`WebFetch`) creates a significant attack surface. This allows for potential command injection, data exfiltration, and other malicious activities if the skill's implementation does not rigorously sanitize all user inputs and internal data flows. Review and restrict `allowed-tools` to the absolute minimum necessary for the skill's functionality. If `Bash` is essential, ensure all calls are strictly controlled and user inputs are thoroughly sanitized and escaped. Consider using safer, more specific tools or APIs instead of `Bash` where possible. Implement strict input validation and output sanitization for all user-facing commands. | LLM | SKILL.md:1 | |
| HIGH | Risk of Command Injection due to Bash access and user-controlled input The skill declares `Bash` as an allowed tool and defines multiple user-facing commands (e.g., `/seo audit <url>`, `/seo page <url>`) that accept dynamic input such as URLs. If these user-supplied arguments are directly or indirectly incorporated into `Bash` commands without proper sanitization and escaping, an attacker could inject arbitrary shell commands. This could lead to remote code execution, data manipulation, or system compromise. Implement stringent input validation and sanitization for all user-provided arguments before they are used in any `Bash` command. Use parameterized commands or shell-escaping libraries to prevent command injection. Avoid direct concatenation of user input into shell commands. If possible, replace `Bash` usage with safer, more specific API calls or libraries. | LLM | SKILL.md:10 | |
| MEDIUM | Combined filesystem and network access enables data exfiltration The skill is granted permissions to access the local filesystem (`Read`, `Grep`, `Glob`) and to make external network requests (`WebFetch`). This combination creates a credible path for data exfiltration. An attacker could potentially craft an input that causes the skill to read sensitive local files (e.g., configuration files, user data) and then transmit their contents to an external, attacker-controlled server via `WebFetch`. Carefully review all code paths that involve reading local files and making network requests. Ensure that no user-controlled input can influence which files are read or where network requests are sent. Implement strict allow-lists for file paths and domains if possible. Log all file access and network activity for auditing. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/aa0bf5e544856b25)
Powered by SkillShield