Trust Assessment
safe-calculator received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 9 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: eval(), Dangerous call: exec().
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, dependency_graph, static_code_analysis. The manifest_analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit de937128). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings10
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-kcmmytl0/repo/evals/skills/command-injection/eval-execution/calculate.py:18 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-kcmmytl0/repo/evals/skills/command-injection/eval-execution/calculate.py:24 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-kcmmytl0/repo/evals/skills/command-injection/eval-execution/calculate.py:25 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-kcmmytl0/repo/evals/skills/command-injection/eval-execution/calculate.py:31 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-kcmmytl0/repo/evals/skills/command-injection/eval-execution/calculate.py:32 | |
| CRITICAL | Dangerous call: eval() Call to 'eval()' detected in function 'calculate'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-kcmmytl0/repo/evals/skills/command-injection/eval-execution/calculate.py:25 | |
| CRITICAL | Dangerous call: exec() Call to 'exec()' detected in function 'process_formula'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-kcmmytl0/repo/evals/skills/command-injection/eval-execution/calculate.py:32 | |
| CRITICAL | Command Injection via `eval()` The `calculate` function uses `eval()` on the `expression` parameter. If `expression` contains untrusted user input, an attacker can execute arbitrary Python code, leading to full system compromise, data exfiltration, or denial of service. The skill's description 'A safe calculator' is misleading given this vulnerability. Replace `eval()` with a safer alternative for evaluating mathematical expressions, such as `ast.literal_eval` (for literals only) or a dedicated mathematical expression parser library that does not allow arbitrary code execution. Ensure all input is properly sanitized and validated before processing. | Unknown | calculate.py:21 | |
| CRITICAL | Command Injection via `exec()` The `process_formula` function uses `exec()` with an f-string that incorporates `formula` and `variables` parameters. If these parameters contain untrusted user input, an attacker can execute arbitrary Python code, leading to full system compromise, data exfiltration, or denial of service. This is a severe command injection vulnerability. Avoid using `exec()` with untrusted input. If dynamic code execution is absolutely necessary, implement strict input validation and sandboxing. For most use cases, there are safer alternatives to achieve dynamic behavior without resorting to `exec()`. | Unknown | calculate.py:27 | |
| HIGH | LLM analysis found no issues despite critical deterministic findings Deterministic layers flagged 9 CRITICAL findings, but LLM semantic analysis returned clean. This may indicate prompt injection or analysis evasion. | Unknown | (sanity check) |
Scan History
Embed Code
[](https://skillshield.io/report/4e1fe14b320fc593)
Powered by SkillShield