Trust Assessment
The `validate` skill received a trust score of 59/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 0 critical, 1 high, 5 medium, and 1 low severity. Key findings include "Missing required field: name", "Sensitive environment variable access: $HOME", and "Unsanitized user input passed to CLI command".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 62/100, indicating areas for improvement.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unsanitized user input passed to CLI command.** The skill description indicates that user-provided `<increment-id>` is passed to the `specweave qa` CLI command. If this input is not properly sanitized, a malicious `increment-id` (e.g., `1234; rm -rf /`) could lead to arbitrary command execution. This is a direct command injection vulnerability. Ensure all user-provided arguments (like `increment-id`) are strictly validated and sanitized (e.g., using a whitelist of allowed characters, or by quoting/escaping them appropriately) before being passed to any shell command or subprocess. | LLM | SKILL.md:69 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave/skills/validate/SKILL.md:1 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | plugins/specweave/skills/validate/SKILL.md:6 |
| MEDIUM | **Access to user's home directory for skill memories.** The skill executes a shell command that attempts to read files from `$HOME/.claude/skill-memories`. Accessing files in the user's home directory, especially outside the immediate project context, could lead to the exposure of sensitive user data if those memory files contain such information. This also represents excessive permissions for a skill that might only need project-specific access. Restrict file access to only necessary project-specific directories. If `$HOME/.claude/skill-memories` is truly required, ensure that the files stored there are not sensitive or that access is strictly controlled and justified. Consider using a more confined storage mechanism. | LLM | SKILL.md:10 |
| MEDIUM | **Execution of external script without content analysis.** The skill executes `` !`.specweave/scripts/skill-context.sh validate` ``. While the argument `validate` is a literal string here, the script `skill-context.sh` itself is an external component of the skill package. Without analyzing the content of `skill-context.sh`, it's impossible to guarantee that it doesn't contain internal command injection vulnerabilities or perform other risky operations (e.g., data exfiltration). The invocation itself is a point of trust. Provide the content of `skill-context.sh` for analysis. Ensure that `skill-context.sh` does not take untrusted input or, if it does, that it sanitizes all inputs before use in shell commands. | LLM | SKILL.md:14 |
| MEDIUM | **Shell command execution in manifest hook.** The skill manifest defines a `Stop` hook that executes `bash plugins/specweave/hooks/v2/guards/spec-validation-guard.sh`. This is a direct shell command execution. While the manifest itself doesn't show arguments being passed to this specific hook, if the script `spec-validation-guard.sh` were to derive any part of its execution from untrusted environment variables or other skill state influenced by user input, it could lead to command injection. The content of the script is not provided for analysis. Provide the content of `plugins/specweave/hooks/v2/guards/spec-validation-guard.sh` for analysis. Ensure that this script does not process any untrusted input without proper sanitization. | LLM | Manifest (frontmatter JSON) |
| LOW | **Implied shell operations for auto-fixing issues.** The skill description mentions that the `--fix` flag will "identify HIGH-priority fixable issues, generate diffs, show to user for confirmation, apply if approved, then re-validate." The process of generating and applying diffs often involves shell commands (e.g., `git diff`, `patch`). If the content of the "fixable issues" or the generated "diffs" are influenced by untrusted input (e.g., from the AI assessment or user-provided content), this could lead to command injection when these operations are performed. Ensure that any commands used to generate or apply diffs (e.g., `git diff`, `patch`) strictly sanitize all inputs derived from untrusted sources (like AI assessment output or user-provided content) to prevent command injection. | LLM | SKILL.md:84 |