Trust Assessment
increment received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 3 medium, and 1 low severity. Key findings include Missing required field: name, Sensitive environment variable access: $HOME, Potential Command Injection via unsanitized arguments in shell commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via unsanitized arguments in shell commands The skill instructs the LLM to construct and execute shell commands like `specweave create-increment` and `mkdir`. The arguments for these commands (e.g., `--id`, `--title`, `--description`, directory names) are expected to be filled by the LLM, potentially using user-provided input. If the LLM does not properly sanitize or escape user input before embedding it into these shell commands, an attacker could inject arbitrary shell commands. For example, a malicious title like `My Feature"; rm -rf /; echo "` could lead to arbitrary code execution. Instruct the LLM to always sanitize and properly quote/escape any user-provided input before incorporating it into shell commands. Specifically, ensure that arguments are enclosed in single quotes or properly escaped to prevent shell metacharacter interpretation. For example, `specweave create-increment --id "$(printf '%q' "XXXX-name")" ...`. | LLM | SKILL.md:147 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave/skills/increment/SKILL.md:1 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | plugins/specweave/skills/increment/SKILL.md:10 | |
| MEDIUM | Execution of unanalyzed shell scripts via manifest hooks The skill manifest defines `PreToolUse` and `PostToolUse` hooks that execute external shell scripts (`plugins/specweave/hooks/v2/guards/*.sh`). The content of these scripts is not provided in the analysis context. Without reviewing the scripts, it's impossible to determine if they contain vulnerabilities such as command injection (if they process untrusted input) or if they perform actions with excessive permissions. This creates a blind spot in the security analysis. Provide the content of all executed shell scripts (`plugins/specweave/hooks/v2/guards/*.sh`) for a complete security analysis. Ensure these scripts properly sanitize any input they receive and operate with the principle of least privilege. | LLM | Manifest | |
| LOW | Broad filesystem access to user's home directory for skill memories The skill accesses `$HOME/.claude/skill-memories` to retrieve "Learnings". While this is likely intended for the skill's operation, accessing the user's home directory is a broad permission. If sensitive or confidential data is stored in these skill memory files, and the LLM is prompted to output it, it could lead to unintended data exposure. Review the contents of `$HOME/.claude/skill-memories` to ensure no highly sensitive data is stored there. If sensitive data must be stored, consider more granular access controls or encryption. Clarify in the skill's documentation what kind of data is expected in these memory files. | LLM | SKILL.md:17 |
Scan History
Embed Code
[](https://skillshield.io/report/a9fe6eda53a4e8cd)
Powered by SkillShield