Trust Assessment
save received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 2 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Sensitive environment variable access: $HOME, Direct Shell Command Execution in Skill Definition.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Direct Shell Command Execution in Skill Definition The `SKILL.md` file contains a line starting with `!` followed by a complex shell command. In some LLM agent environments (potentially `claude_code` as indicated by the ecosystem metadata), this syntax indicates direct execution of the shell command within the skill's definition. This allows arbitrary command execution, including accessing the user's home directory (`$HOME`) and reading files, without explicit user interaction or sanitization. This is a severe vulnerability as the skill's definition itself could be a vector for attack. Remove direct shell command execution from markdown definitions. If dynamic content is needed, use a secure templating engine or API that explicitly sanitizes inputs and restricts execution contexts. Ensure the skill runtime environment does not execute shell commands embedded directly in markdown. | LLM | SKILL.md:10 | |
| HIGH | Potential Command Injection via User-Provided Commit Message The skill's description indicates that user-provided input (e.g., from `/sw:save "msg"`) is intended to be used directly as the commit message in a `git commit -m "<message>"` command. If the `<message>` is not rigorously sanitized to escape shell metacharacters (such as quotes, semicolons, or backticks) before being passed to the shell, a malicious user could inject arbitrary shell commands. These commands would then be executed in the context of the skill's environment. Ensure all user-provided input used in shell commands is rigorously sanitized and escaped. Prefer using a Git client library or API that handles command arguments safely rather than direct shell execution with string concatenation. Implement strict input validation for commit messages. | LLM | SKILL.md:49 | |
| HIGH | Potential Command Injection via User-Provided Branch Name The skill's description indicates that a user-provided branch name (e.g., via the `--branch <name>` flag) is intended to be used directly in a `git push origin <branch>` command. If the `<branch>` name is not rigorously sanitized to escape shell metacharacters before being passed to the shell, a malicious user could inject arbitrary shell commands. These commands would then be executed in the context of the skill's environment. Ensure all user-provided input used in shell commands is rigorously sanitized and escaped. Prefer using a Git client library or API that handles command arguments safely rather than direct shell execution with string concatenation. Implement strict input validation for branch names. | LLM | SKILL.md:50 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave/skills/save/SKILL.md:1 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | plugins/specweave/skills/save/SKILL.md:6 |
Scan History
Embed Code
[](https://skillshield.io/report/fe491030393e612e)
Powered by SkillShield