Trust Assessment
framework received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Direct Shell Command Execution in Skill Initialization, Broad File System Read/Grep/Glob Permissions Combined with Shell Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Direct Shell Command Execution in Skill Initialization The skill contains a direct shell command (`!s="..."`) at its initialization, which is executed by the host LLM when the skill is loaded. While the current command appears to read specific internal skill memory files (`.specweave/skill-memories`, `.claude/skill-memories`) and uses `awk` to extract a specific section, direct shell execution from untrusted skill content poses a significant command injection risk. If the command or its inputs were to be modified to include arbitrary user input or malicious payloads, it could lead to arbitrary code execution. The use of `$HOME` also means it can access user-specific directories. Avoid direct shell command execution within skill definitions, especially at initialization. If necessary, use a sandboxed execution environment or specific tool calls provided by the host LLM that are designed for safe file access and parsing, rather than arbitrary shell commands. Ensure all inputs to shell commands are strictly validated and sanitized. Consider if the required functionality can be achieved using only the declared `Read`, `Grep`, `Glob` tools without resorting to shell execution. | LLM | SKILL.md:4 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave/skills/framework/SKILL.md:1 | |
| MEDIUM | Broad File System Read/Grep/Glob Permissions Combined with Shell Execution The skill declares `Read`, `Grep`, and `Glob` permissions, granting it broad access to the filesystem. This, combined with the demonstrated capability for direct shell command execution (as seen in the initialization command), creates a heightened risk. While the current shell command is specific to reading internal skill memory, the broad permissions mean that a malicious modification to the shell command could potentially read or exfiltrate sensitive data from arbitrary locations on the filesystem, or perform other actions within the scope of these permissions. Review and restrict permissions to the absolute minimum required for the skill's functionality. If shell execution is truly necessary, ensure it operates within a highly sandboxed environment and that all inputs are rigorously validated and sanitized. Consider if specific, more granular tools could replace the need for broad `Read`/`Grep`/`Glob` and shell execution. | LLM | Manifest:1 |
Scan History
Embed Code
[](https://skillshield.io/report/9ed4a1715070709e)
Powered by SkillShield