Trust Assessment
The `do` skill received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 3 medium, and 1 low severity. Key findings include "Missing required field: name", "Sensitive environment variable access: $HOME", and "Direct execution of unvetted external shell scripts".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Direct execution of unvetted external shell scripts.** The skill directly executes multiple external shell scripts (`plugins/specweave/hooks/v2/guards/task-ac-sync-guard.sh`, `plugins/specweave/hooks/pre-increment-start.sh`, `.specweave/scripts/skill-context.sh`). The content and security posture of these scripts are unknown. If these scripts contain vulnerabilities (e.g., unsafe handling of arguments, malicious code) or are compromised, they pose a significant command injection risk, allowing arbitrary code execution within the agent's environment. This also represents a supply chain risk as the skill's security is dependent on these external, unvetted components. 1. **Vet all external scripts**: Thoroughly review the source code of `task-ac-sync-guard.sh`, `pre-increment-start.sh`, and `skill-context.sh` for vulnerabilities, especially regarding argument handling and external calls. 2. **Argument Sanitization**: Ensure all arguments passed to these scripts (e.g., `<increment-path>`) are strictly validated and sanitized to prevent path traversal or command injection. 3. **Principle of Least Privilege**: Ensure these scripts run with the minimum necessary permissions. 4. **Integrity Checks**: Implement integrity checks (e.g., checksums) for these scripts to detect unauthorized modifications. 5. **Consider alternatives**: If possible, replace shell script execution with safer, in-process language constructs or well-defined APIs. | LLM | SKILL.md:10 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave/skills/do/SKILL.md:1 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | plugins/specweave/skills/do/SKILL.md:6 |
| MEDIUM | **Automatic use of discovered credentials without explicit confirmation.** The skill actively searches for sensitive environment variables in `.env` files (e.g., `SUPABASE`, `DATABASE_URL`, `AWS_`). If found, the skill states it will 'execute directly' without further user confirmation. While the `grep` command itself doesn't exfiltrate, the subsequent automatic execution implies that the skill will use these credentials. This creates a risk of credential harvesting if the skill's subsequent actions are compromised or if the skill's intended use of these credentials is not fully transparent or secure. 1. **Explicit User Confirmation**: Always require explicit user confirmation before using any discovered credentials, even if they are found in a `.env` file. 2. **Secure Credential Management**: Integrate with a secure credential management system rather than relying on direct `.env` file access for sensitive production credentials. 3. **Scope Limitation**: Ensure that credentials are only used for their intended, narrowly defined purpose and are not exposed to unnecessary parts of the skill or external services. | LLM | SKILL.md:140 |
| LOW | **Broad file system access with potential for path traversal.** The skill accesses various files and directories, including user-specific paths like `$HOME/.claude/skill-memories` and project-specific paths derived from `<increment-id>`. While the skill mentions 'Normalize ID to 4-digit format', the overall broad file system access, especially when constructing paths with user-influenced variables (like `<increment-path>` or `<increment-id>`), introduces a potential for path traversal. If an attacker can manipulate these inputs, they might be able to access or modify files outside the intended scope. 1. **Strict Path Validation**: Implement rigorous validation and sanitization for all user-controlled inputs that are used to construct file paths, ensuring they do not contain path traversal sequences (e.g., `../`). 2. **Confine File Access**: Restrict file system access to the absolute minimum necessary directories and files using sandboxing or containerization if possible. 3. **Canonicalize Paths**: Always canonicalize paths before use to resolve any symbolic links or `.` / `..` components. | LLM | SKILL.md:6 |