Trust Assessment
ens-primary-name received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 4 critical, 1 high, 0 medium, and 1 low severity. Key findings include Command Injection via unsanitized user input in Node.js eval, Access to environment variable containing a secret key, and LLM analysis found no issues despite critical deterministic findings.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, dependency_graph, static_code_analysis. The static_code_analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 15, 2026 (commit 66de0a1e). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via unsanitized user input in Node.js eval.** The script directly interpolates the user-provided `ENS_NAME` into a `node -e` command as a single-quoted JavaScript string literal. An attacker can inject arbitrary JavaScript code by including a single quote in the input, breaking out of the string literal and executing malicious commands within the Node.js environment. This can lead to arbitrary code execution on the host system. Remediation: sanitize user input before interpolating it into shell commands or JavaScript string literals. For JavaScript string literals, use `JSON.stringify()` on the shell variable or pass the variable as an environment variable to the Node.js script. Example: `JS_ENS_NAME=$(jq -Rsa . <<< "$ENS_NAME")` then `node -e "const name = $JS_ENS_NAME; ..."`, or `ENS_NAME="$ENS_NAME" node -e "const name = process.env.ENS_NAME; ..."`. | Unknown | scripts/set-avatar.sh:40 |
| CRITICAL | **Command Injection via unsanitized user input in Node.js eval.** The script directly interpolates the user-provided `AVATAR_URL` into a `node -e` command as a single-quoted JavaScript string literal. An attacker can inject arbitrary JavaScript code by including a single quote in the input, breaking out of the string literal and executing malicious commands within the Node.js environment. This can lead to arbitrary code execution on the host system. Remediation: sanitize user input before interpolating it into shell commands or JavaScript string literals. For JavaScript string literals, use `JSON.stringify()` on the shell variable or pass the variable as an environment variable to the Node.js script. Example: `JS_AVATAR_URL=$(jq -Rsa . <<< "$AVATAR_URL")` then `node -e "const avatar = $JS_AVATAR_URL; ..."`, or `AVATAR_URL="$AVATAR_URL" node -e "const avatar = process.env.AVATAR_URL; ..."`. | Unknown | scripts/set-avatar.sh:41 |
| CRITICAL | **Command Injection via unsanitized user input in Node.js eval.** The script directly interpolates the user-provided `ENS_NAME` into a `node -e` command as a single-quoted JavaScript string literal. An attacker can inject arbitrary JavaScript code by including a single quote in the input, breaking out of the string literal and executing malicious commands within the Node.js environment. This can lead to arbitrary code execution on the host system. Remediation: sanitize user input before interpolating it into shell commands or JavaScript string literals. For JavaScript string literals, use `JSON.stringify()` on the shell variable or pass the variable as an environment variable to the Node.js script. Example: `JS_ENS_NAME=$(jq -Rsa . <<< "$ENS_NAME")` then `node -e "const { namehash } = require('viem/ens'); console.log(namehash($JS_ENS_NAME));"`, or `ENS_NAME="$ENS_NAME" node -e "const { namehash } = require('viem/ens'); console.log(namehash(process.env.ENS_NAME));"`. | Unknown | scripts/set-primary.sh:70 |
| CRITICAL | **Command Injection via unsanitized user input in Node.js eval.** The script directly interpolates the user-provided `ADDRESS` into a `node -e` command as a single-quoted JavaScript string literal. An attacker can inject arbitrary JavaScript code by including a single quote in the input, breaking out of the string literal and executing malicious commands within the Node.js environment. This can lead to arbitrary code execution on the host system. Remediation: sanitize user input before interpolating it into shell commands or JavaScript string literals. For JavaScript string literals, use `JSON.stringify()` on the shell variable or pass the variable as an environment variable to the Node.js script. Example: `JS_ADDRESS=$(jq -Rsa . <<< "$ADDRESS")` then `node -e "... address: $JS_ADDRESS ..."`, or `ADDRESS="$ADDRESS" node -e "... address: process.env.ADDRESS ..."`. | Unknown | scripts/verify-primary.sh:90 |
| HIGH | **LLM analysis found no issues despite critical deterministic findings.** Deterministic layers flagged 4 CRITICAL findings, but LLM semantic analysis returned clean. This may indicate prompt injection or analysis evasion. | Unknown | (sanity check) |
| LOW | **Access to environment variable containing a secret key.** The script accesses the `THIRDWEB_SECRET_KEY` environment variable. While this might be intended for legitimate API calls to Thirdweb, it means the skill has access to a sensitive credential if it is present in the execution environment. This increases the attack surface if the skill were compromised or if the key is unnecessarily exposed. Remediation: ensure that `THIRDWEB_SECRET_KEY` is only present in environments where it is strictly necessary for the skill's operation. Apply least-privilege principles to environment variables. Document the necessity of this key for the skill's functionality. | Unknown | scripts/set-primary.sh:73 |
Full report: https://skillshield.io/report/001b43a1e563a16a