Trust Assessment
cancel-auto received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 3 medium, and 0 low severity. Key findings include "Missing required field: name", "Sensitive environment variable access: $HOME", and "Direct shell command execution in skill definition".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Direct execution of shell script with user-provided arguments.** The skill explicitly states that it executes a shell script (`plugins/specweave/scripts/cancel-auto.sh`) and passes `[args]` from the user's command directly to it. This is a classic command injection vulnerability if the `cancel-auto.sh` script does not properly sanitize or escape these arguments before using them in further shell commands. An attacker could craft malicious arguments to execute arbitrary commands on the host system. The skill definition should explicitly define the arguments it accepts and how they are passed. The `cancel-auto.sh` script must implement robust input sanitization and validation for all arguments received from the user before using them in any shell commands or file operations. Ideally, arguments should be passed as separate parameters to the script, not as a single string that could be interpreted as multiple commands. | LLM | SKILL.md:52 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from the frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave/skills/cancel-auto/SKILL.md:1 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to the sensitive environment variable '$HOME' was detected in a shell context. Verify that this environment variable access is necessary and that the value is not exfiltrated. | Static | plugins/specweave/skills/cancel-auto/SKILL.md:6 |
| MEDIUM | **Direct shell command execution in skill definition.** The skill definition includes a direct shell command (`!s="cancel-auto"; for d in ...`) that is executed when the skill is loaded or processed. While the command appears to be for internal memory loading and does not directly process user input, direct shell execution in a skill definition is a potential command injection vector. If the paths or file contents it reads from could be manipulated by an attacker, it could lead to arbitrary command execution or data exfiltration. The command reads from `$HOME/.claude/skill-memories`, which could contain sensitive data. Avoid direct shell command execution in skill definitions. If it is necessary, ensure all inputs to the command (including file paths and contents) are strictly controlled and sanitized. Consider using a safer mechanism for loading skill memories if possible. | LLM | SKILL.md:7 |