Trust Assessment
jobs received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 4 medium, and 0 low severity. Key findings include Missing required field: name, Sensitive environment variable access: $HOME, Direct Shell Command Execution in Skill Definition.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Direct Shell Command Execution in Skill Definition The skill definition in SKILL.md contains a direct shell command execution using the `!` prefix. This command attempts to read from specific skill-memory files. While the command itself appears benign in this context, the capability to execute arbitrary shell commands directly within the skill's markdown definition is a significant security risk. If an attacker could modify this file, they could inject and execute malicious commands. Avoid embedding direct shell command execution within markdown skill definitions. If external logic is required, encapsulate it in a dedicated, thoroughly vetted script that is executed in a controlled and sandboxed environment. Ensure any inputs to such scripts are properly sanitized. | LLM | SKILL.md:7 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave/skills/jobs/SKILL.md:1 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | plugins/specweave/skills/jobs/SKILL.md:6 | |
| MEDIUM | External Script Execution via UserPromptSubmit Hook The skill description states that a 'UserPromptSubmit hook' directly runs external scripts (`read-jobs.sh` or `jobs.js`). This mechanism allows for command execution. Without access to the content of these scripts, their security posture cannot be fully assessed. If these scripts are not properly secured, they could introduce command injection vulnerabilities or other risks. Thoroughly review `read-jobs.sh` and `jobs.js` for any potential command injection vulnerabilities, insecure file operations, or excessive permissions. Ensure these scripts are executed with the principle of least privilege and that all inputs are properly sanitized and validated. | LLM | SKILL.md:19 | |
| MEDIUM | Implicit Excessive Permissions for Shell and File System Access The skill implicitly requires broad permissions to execute shell commands and read from the user's home directory (e.g., `$HOME/.claude/skill-memories`). This is a direct consequence of the direct shell command execution and external script execution identified. Such broad access increases the attack surface if the skill or its dependencies are compromised. Implement a strict sandboxing or containerization strategy for skill execution environments. Restrict shell access and file system access to only what is absolutely necessary for the skill's intended function. Avoid reading from arbitrary paths within the user's home directory unless strictly required and validated. | LLM | SKILL.md:7 |
Scan History
Embed Code
[](https://skillshield.io/report/9d21fb21da99896a)
Powered by SkillShield