Trust Assessment
The `architect` skill received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Missing required field: name", "Sensitive environment variable access: $HOME", and "Skill executes arbitrary shell commands".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Skill executes arbitrary shell commands.** The skill contains a shell command prefixed with `!` that executes a `for` loop and `awk` command. This allows the skill to run arbitrary shell commands on the host system. While the current command reads specific 'skill memory' files, the underlying capability for shell execution is a severe security risk. An attacker could potentially modify this skill or inject into its parameters to execute malicious commands, leading to system compromise, data exfiltration, or denial of service. Avoid direct shell command execution within skill definitions. If file reading or dynamic content loading is necessary, use a secure, sandboxed file access mechanism provided by the agent framework, or implement a dedicated tool that strictly validates paths and content. Do not rely on `!` or similar escape hatches for shell execution. | LLM | SKILL.md:6 |
| HIGH | **Skill reads local files, potentially exfiltrating sensitive data.** The skill executes a shell command that uses `awk` to read content from files located in `.specweave/skill-memories`, `.claude/skill-memories`, and `$HOME/.claude/skill-memories`. The extracted content (under '## Learnings') is then likely incorporated into the LLM's context. If these 'skill memory' files contain sensitive information (e.g., personal data, internal project details, or even credentials if stored insecurely), this mechanism could lead to the exfiltration of that data through the LLM's responses or logs. The use of `$HOME` also indicates broad file system access. Implement secure file access mechanisms that restrict file paths to a designated, non-sensitive directory and sanitize or redact any potentially sensitive information before it is passed to the LLM. Avoid reading arbitrary files from the user's home directory. Ensure that 'skill memory' files do not store sensitive information. | LLM | SKILL.md:6 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave/skills/architect/SKILL.md:1 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | plugins/specweave/skills/architect/SKILL.md:6 |