Security Audit
anysiteio/agent-skills:skills/anysite-brand-reputation
github.com/anysiteio/agent-skills
Trust Assessment
anysiteio/agent-skills:skills/anysite-brand-reputation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary URL fetching via 'webparser' tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 1, 2026 (commit 5cefedb0). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary URL fetching via 'webparser' tool. The skill defines a 'webparser' tool that can fetch content from an arbitrary URL. While the example demonstrates its use for scraping tweet URLs, the tool's interface allows any URL to be provided. This capability grants the agent excessive permissions, enabling it to perform Server-Side Request Forgery (SSRF) by accessing internal network resources or potentially local files (if 'file://' URIs are supported by the underlying implementation). This could lead to data exfiltration, internal network reconnaissance, or other unauthorized access, which is beyond the scope of a 'brand reputation monitoring' skill. Restrict the 'webparser' tool to a strict whitelist of allowed domains (e.g., social media platforms) or specific URL patterns. Ensure the underlying 'webparser' implementation prevents access to 'file://' URIs, internal IP ranges, and other sensitive resources. If not strictly necessary for brand monitoring, consider removing this tool. | LLM | SKILL.md:190 |