Trust Assessment
neynar received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 17 findings: 9 critical, 5 high, 3 medium, and 0 low severity. Seven of the nine critical findings are one class, user-controlled input concatenated into API request URLs in `scripts/neynar.sh` without URL encoding; the other key classes are persistence / self-modification instructions (shell RC file modification), sensitive path access (the AI agent config directory `~/.clawdbot/`), and sensitive environment variable access (`$HOME`).
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. The static_code_analysis layer scored lowest at 0/100. The report's own sanity check notes that all 9 CRITICAL findings came from the deterministic layers while the LLM layer returned clean, which it flags as possible prompt injection or analysis evasion.
Last analyzed on February 15, 2026 (commit 66de0a1e). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
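A practitioner triaging this report will want to reproduce the persistence, sensitive-path and `$HOME` findings locally before trusting or rejecting them. The script below is an added example for this page, not SkillShield's scanner and not part of the neynar skill; its regular expressions are its own approximation of those finding classes, and the script it scans is a constructed sample that mimics the flagged patterns (the config path `~/.clawdbot/skills/neynar/config.json` is the one the report names; everything else in the sample is made up).

```shell
#!/bin/sh
# Added triage example (not SkillShield's scanner, not part of the neynar skill).
# Greps a skill's shell scripts for the pattern classes behind the report's
# persistence, sensitive-path and sensitive-environment-variable findings.

# Appends/overwrites of a shell RC file under $HOME or ~ (persistence via shell profile).
RC_WRITE='(>>?|tee[[:space:]]+(-a[[:space:]]+)?)[[:space:]]*"?(\$HOME|~)/\.(bashrc|zshrc|bash_profile|zprofile|profile)'
# Other startup hooks named in the report's remediation text.
SCHEDULER='crontab|LaunchAgents|systemctl[[:space:]]+(--user[[:space:]]+)?enable|\.service'
# Reads or writes under the AI agent's config directory.
AGENT_CFG='(\$HOME|~)/\.clawdbot/'

# Read a script on stdin; print "class:lineno:line" for every hit.
# The input is buffered once so each pattern class can be grepped separately.
triage() {
  input=$(cat)
  printf '%s\n' "$input" | grep -E -n "$RC_WRITE"  | sed 's/^/rc_write:/'
  printf '%s\n' "$input" | grep -E -n "$SCHEDULER" | sed 's/^/scheduler:/'
  printf '%s\n' "$input" | grep -E -n "$AGENT_CFG" | sed 's/^/agent_cfg:/'
  return 0
}

# Number of flagged lines, summed across classes (prints 0 when clean).
count_hits() {
  triage | grep -c . || true
}

# Constructed sample that mimics the flagged patterns; it is NOT the real neynar.sh.
sample_script() {
  cat <<'EOF'
#!/bin/bash
CONFIG="$HOME/.clawdbot/skills/neynar/config.json"
echo 'export PATH="$HOME/.neynar/bin:$PATH"' >> "$HOME/.bashrc"
(crontab -l 2>/dev/null; echo "@reboot $HOME/.neynar/bin/sync") | crontab -
curl -fsS "https://api.example.invalid/v2/user/$id"
EOF
}

# Usage: sample_script | triage        (demo)
#        triage < path/to/skill/scripts/something.sh   (real run)
```

A clean grep is not a clearance: this only finds the literal shapes it was given, which is exactly why the report runs an LLM layer beside its deterministic ones and treats disagreement between them as a finding in itself. Read every hit in context; an RC write that adds the skill's own `bin` to `PATH` is still a persistence mechanism the remediation text says a skill should not have.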
Security Findings (17)
| Severity | Finding | Layer | Location(s) |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Remediation: remove the persistence mechanism; skills should not modify system startup configuration, crontabs, LaunchAgents, systemd services, or shell profiles. | Unknown | /tmp/skillscan-clone-xwkocmkx/repo/neynar/scripts/neynar.sh lines 70 and 81 |
| CRITICAL | Command injection via unencoded URL parameters: `neynar.sh` builds API request URLs by concatenating user-controlled input without URL encoding. The scanner reports that injected input is executed by the shell before `curl` is invoked, giving arbitrary code execution with the privileges of the `clawdbot` process. Remediation: URL-encode every user-controlled value used in a URL path or query parameter before it is concatenated into the `curl` command (a helper built on `jq -Rr @uri` works); apply this to `$identifier` in `cmd_user`, `$usernames` in `cmd_users`, `$identifier` in `cmd_feed`, `$channel` in `cmd_search` (where `$query` is already encoded but `$channel` is not), and `$identifier` and `$type` in `cmd_cast`; additionally validate `$limit` as an integer. | Unknown | scripts/neynar.sh lines 50, 57, 69, 92, 100, 127, 150 |
| HIGH | Sensitive path access (AI agent config): the path `~/.clawdbot/` is accessed, which may indicate credential theft. Remediation: verify that access to this sensitive path is justified and declared. | Unknown | /tmp/skillscan-clone-xwkocmkx/repo/neynar/SKILL.md lines 14 and 15; /tmp/skillscan-clone-xwkocmkx/repo/neynar/scripts/neynar.sh line 16 |
| HIGH | Potential data exfiltration via the command injection above: crafted input could run a command such as `cat ~/.clawdbot/skills/neynar/config.json` and exfiltrate the `API_KEY` and `SIGNER_UUID` stored in the skill's configuration file. Remediation: fix the underlying injection by URL-encoding all user-controlled input before it is used in shell commands or URL construction. | Unknown | scripts/neynar.sh line 15 |
| HIGH | LLM analysis found no issues despite critical deterministic findings: deterministic layers flagged 9 CRITICAL findings, but LLM semantic analysis returned clean. This may indicate prompt injection or analysis evasion. | Unknown | (sanity check) |
| MEDIUM | Sensitive environment variable access (`$HOME`) in shell context. Remediation: verify the access is necessary and the value is not exfiltrated. | Unknown | /tmp/skillscan-clone-xwkocmkx/repo/neynar/scripts/neynar.sh line 7 |
| MEDIUM | Persistence mechanism: shell RC file modification pattern detected (the same two lines as the CRITICAL persistence finding, flagged again by a second rule). Persistence mechanisms let code survive restarts; skills should not modify system startup configuration. | Unknown | /tmp/skillscan-clone-xwkocmkx/repo/neynar/scripts/neynar.sh lines 70 and 81 |
Reading the command-injection rows: whether unencoded input actually reaches the shell as a command depends on how `neynar.sh` expands the assembled string, which this report does not show. If the URL is handed to `curl` as a single quoted argument, unencoded input cannot spawn a shell; what it can do is change the request itself (add or override query parameters with `&`, or move a path segment with `/` or `..`), so the Neynar API is called with the skill's stored API key on the attacker's terms. If the string is instead re-evaluated (`eval`, `sh -c`, or command substitutions built from the input), the scanner's arbitrary-execution reading applies. Both cases have the same fix: encode every caller-supplied value, validate numeric ones, and keep the finished URL out of any second round of shell evaluation.
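The remediation column asks for a URL-encoding helper and integer validation of `$limit`. The following is an added example written for this page, not code from the neynar skill or from SkillShield. The endpoint paths (`api.example.invalid/...`), the function names, the `x-api-key` header and the `NEYNAR_API_KEY` variable are placeholders, not the real Neynar API. It places the raw concatenation the report describes beside a hardened version, using a pure POSIX `urlencode` so it runs without jq (`jq -Rr @uri` is an equivalent where jq is installed).

```shell
#!/bin/sh
# Added example (not part of the neynar skill): build API URLs from untrusted
# input without letting that input change the request's path or parameters.
# Endpoint paths, header name and env var below are placeholders.
LC_ALL=C; export LC_ALL   # byte-wise string handling, so every byte is encoded

# Percent-encode one string per RFC 3986: unreserved characters pass through,
# every other byte becomes %XX. Same output as `jq -Rr @uri`, without jq.
urlencode() {
  s=$1
  out=""
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}        # first byte of $s
    s=${s#?}               # remainder of $s
    case $c in
      [A-Za-z0-9._~-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;
    esac
  done
  printf '%s' "$out"
}

# Accept only a non-empty string of decimal digits (for $limit and similar).
is_uint() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Vulnerable construction in the shape the report describes for cmd_search:
# $query is encoded but $channel and $limit are concatenated raw, so a channel
# value containing "&" appends or overrides other parameters.
unsafe_search_url() {
  printf '%s' "https://api.example.invalid/v2/cast/search?q=$(urlencode "$1")&channel_id=$2&limit=$3"
}

# Hardened construction: every caller-supplied value is encoded, the numeric
# parameter is validated, and bad input is rejected instead of sent.
safe_search_url() {
  query=$1 channel=$2 limit=$3
  is_uint "$limit" || { echo "limit must be a non-negative integer" >&2; return 1; }
  printf '%s' "https://api.example.invalid/v2/cast/search?q=$(urlencode "$query")&channel_id=$(urlencode "$channel")&limit=$limit"
}

# Path-segment case (cmd_user-style identifier in the path): encoding "/" and
# ".." keeps the identifier from selecting a different endpoint.
safe_user_url() {
  printf '%s' "https://api.example.invalid/v2/user/$(urlencode "$1")"
}

# Issue the request. The URL is passed as one argument and never through eval
# or a second shell, so a stray character is at worst a malformed URL.
# Header name and NEYNAR_API_KEY are assumptions, not the skill's real config.
fetch() {
  curl -fsS --url "$1" -H "x-api-key: ${NEYNAR_API_KEY:?NEYNAR_API_KEY not set}"
}

# Usage (no network call is made here):
#   url=$(safe_search_url 'farcaster dev' 'x&limit=9999' 25) && fetch "$url"
```

For query parameters, `curl -G --data-urlencode 'q=...'` does the encoding itself and is the simpler choice where the whole request is a query string; path segments, and any value concatenated into a URL by hand, still need the helper. The second half of the fix is not in any encoder: the assembled URL must reach `curl` as a single argument and never be fed back into `eval` or another shell.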
Full report: https://skillshield.io/report/c360b0ed83b3c6c6 (powered by SkillShield).