Trust Assessment
qa-engineer received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Excessive 'Bash' permission declared", and "Excessive 'Write', 'Edit', 'Glob', and 'Grep' permissions declared".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Excessive 'Bash' permission declared | The skill declares 'Bash' as an allowed tool in its manifest. This grants the agent the ability to execute arbitrary shell commands on the host system (or within its sandboxed environment). While a QA engineer agent may require command execution for running tests (e.g., `npx playwright test`, `npm audit`), unrestricted 'Bash' access poses a critical security risk. It enables potential command injection, data exfiltration, or system modification if the agent is compromised or instructed maliciously. The skill's internal 'CLI-First Rule' for Playwright, which instructs the agent to use `npx playwright test`, confirms the reliance on this 'Bash' capability, highlighting the broad scope of its intended use. | Review the necessity of unrestricted 'Bash' access. If possible, replace 'Bash' with more granular, purpose-built tools or an allowlist of specific, pre-approved commands. Implement strict sandboxing and monitoring for any 'Bash' executions. Ensure all inputs to 'Bash' commands are properly sanitized and validated to prevent command injection. | LLM | Manifest:1 |
| HIGH | Excessive 'Write', 'Edit', 'Glob', and 'Grep' permissions declared | The skill declares 'Write', 'Edit', 'Glob', and 'Grep' as allowed tools. While a QA engineer agent might need to write test files or read project files, the combination of these permissions, especially when coupled with 'Bash' access, significantly increases the attack surface. 'Write' and 'Edit' allow arbitrary file modification, potentially leading to persistence or tampering. 'Glob' and 'Grep' enable broad file system reconnaissance and searching for sensitive data, which could then be exfiltrated via 'Bash'. | Evaluate if 'Write', 'Edit', 'Glob', and 'Grep' permissions are strictly necessary and if their scope can be limited. For example, restrict 'Write'/'Edit' to specific directories (e.g., 'tests/' folder) and 'Glob'/'Grep' to relevant project files, rather than the entire filesystem. Implement robust input validation and output filtering for any operations involving these tools. | LLM | Manifest:1 |
| MEDIUM | Missing required field: name | The 'name' field is required for claude_code skills but is missing from frontmatter. | Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave-testing/skills/qa-engineer/SKILL.md:1 |