Trust Assessment
preview received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Missing required field: name", "Potential Command Injection via `npm install` in user project", and "Unspecified/Unpinned Dependencies for Docusaurus installation".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| HIGH | Potential Command Injection via `npm install` in user project | The skill description indicates it 'Installs dependencies from public npm registry' and 'Works in any SpecWeave project automatically'. This strongly suggests the skill executes `npm install` within the user's project directory. If the user's project contains a malicious `package.json` with `preinstall` or `postinstall` scripts, these scripts could execute arbitrary commands on the host system when `npm install` is run by the skill. The skill should avoid running `npm install` directly in user-controlled directories without strict sandboxing or validation of `package.json` scripts. If `npm install` is necessary, consider running it with `--ignore-scripts` or in a highly isolated environment. Alternatively, the skill should manage its own dependencies in a controlled, isolated environment, rather than relying on the user's project `package.json` for installation. | LLM | SKILL.md:30 |
| HIGH | Unspecified/Unpinned Dependencies for Docusaurus installation | The skill states it 'Creates Docusaurus in .specweave/cache/docs-site/' and 'Installs dependencies from public npm registry'. It does not specify which version of Docusaurus or its dependencies will be installed. Without explicit version pinning, the skill could inadvertently install vulnerable or malicious versions of Docusaurus or its underlying packages if they are compromised in the public npm registry. This also applies if the skill relies on a user's `package.json` without validating its contents. Ensure all installed dependencies, including Docusaurus itself, are explicitly version-pinned to known good versions. Use a `package-lock.json` or similar mechanism to guarantee deterministic installations. If relying on a user's `package.json`, implement strict validation or run `npm install` with `--ignore-scripts` and then explicitly install known-good versions of required tools. | LLM | SKILL.md:29 |
| MEDIUM | Missing required field: name | The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave-docs/skills/preview/SKILL.md:1 |
| MEDIUM | Vague 'auto-fixes' imply broad filesystem modification | The skill description mentions 'Runs pre-flight validation (auto-fixes common issues)'. The nature and scope of these 'auto-fixes' are not detailed. This could imply the skill has broad permissions to modify files within the user's project directory, potentially leading to unintended data loss, corruption, or even malicious alterations if the 'fix' logic is flawed or can be influenced by untrusted input. Clearly define and limit the scope of 'auto-fixes'. Specify exactly which files or directories might be modified and under what conditions. Provide an option for the user to review or confirm changes before they are applied. Ideally, 'fixes' should be non-destructive or reversible, and confined to specific, well-understood configurations. | LLM | SKILL.md:50 |