Security Audit

release-coordinator

github.com/anton-abyzov/specweave

AI SkillCommit 1823c3f6cf4d

CAUTION

Scanned 5 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

release-coordinator received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Broad 'Bash' permission declared, Broad filesystem permissions declared.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

2 findings

Security Findings3

Severity	Finding	Layer	Location
HIGH	Broad 'Bash' permission declared The skill declares the 'Bash' tool, which allows the agent to execute arbitrary shell commands. While this permission is often necessary for skills that interact with version control systems (like Git) or package managers (like npm) as described in the skill, it introduces a significant security risk. A compromised agent or a successful prompt injection could leverage this permission to execute malicious commands on the host system, potentially leading to data loss, unauthorized access, or system compromise. Implement strict input validation and sandboxing for any agent interactions that could lead to shell command execution. Limit the scope of Bash commands to only what is absolutely necessary for the skill's function. If possible, consider using more granular, purpose-built tools or APIs instead of raw Bash for specific operations.	LLM	SKILL.md
MEDIUM	Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter.	Static	plugins/specweave-release/skills/release-coordinator/SKILL.md:1
MEDIUM	Broad filesystem permissions declared The skill declares 'Read', 'Write', and 'Edit' permissions, granting the agent broad access to the filesystem. While a release coordinator skill may require file manipulation (e.g., updating changelogs, version files, or configuration), these permissions allow access to any file the agent has permissions for. This increases the risk of data exfiltration, unauthorized modification, or integrity issues if the agent is compromised or misused. Implement strict access controls and sandboxing for filesystem operations. Ensure the agent only accesses files and directories explicitly required for its tasks. If possible, use more granular file access tools or APIs that restrict operations to specific paths or file types, rather than broad 'Read', 'Write', 'Edit' capabilities.	LLM	SKILL.md

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/b51c9b5a99b6a653.svg)](https://skillshield.io/report/b51c9b5a99b6a653)