Trust Assessment
ckanner/agent-skills:jta received a trust score of 11/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 2 medium, and 0 low severity. Key findings include an unpinned external binary download with `sudo` installation, an unpinned Homebrew installation from an external tap, and access to the sensitive environment variables `$ANTHROPIC_API_KEY` and `$OPENAI_API_KEY`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 26/100; both CRITICAL findings come from that layer.
Last analyzed on February 28, 2026 (commit 650567ab). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
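To make concrete what a deterministic static layer looks for, here is an added example, not SkillShield's code, of a minimal check that reproduces the pattern classes behind the findings in this report (mutable `/releases/latest/` downloads, `sudo` installs into a system path, Homebrew taps, API-key environment variables) over a constructed skill directory. The rule names and severities are this example's own, and the fixture files, including the release asset name `jta`, are constructed to mimic the flagged lines rather than copied from the real skill.

```shell
#!/bin/sh
# Added example, not SkillShield's scanner: a minimal deterministic static
# check over a skill directory. Rule names and severities are this example's own.

# report SEVERITY RULE FILE REGEX
# Prints one tab-separated line per matching source line: SEVERITY RULE FILE:LINE
report() {
  grep -nE "$4" "$3" | while IFS=: read -r lineno _rest; do
    printf '%s\t%s\t%s:%s\n' "$1" "$2" "$3" "$lineno"
  done
}

scan_skill_file() {
  f="$1"
  # Mutable release channel: every run fetches whatever is newest.
  report CRITICAL unpinned-latest-release-download "$f" \
    'releases/latest/download/'
  # Privileged copy of an unverified artifact into a system-wide bin dir.
  report CRITICAL sudo-install-to-system-path "$f" \
    'sudo[[:space:]]+(mv|cp|install)[[:space:]].*/usr/local/bin'
  # Third-party tap: the formula is arbitrary code from an external repo.
  report CRITICAL unpinned-brew-tap "$f" \
    'brew[[:space:]]+tap[[:space:]]'
  # Credentials referenced from a shell context (SKILL.md shell blocks count).
  report MEDIUM sensitive-env-var "$f" \
    '\$[{]?(ANTHROPIC_API_KEY|OPENAI_API_KEY|AWS_SECRET_ACCESS_KEY|GITHUB_TOKEN)'
}

# Walks the skill tree: shell scripts plus markdown, since SKILL.md carries
# the shell snippets the agent will run.
scan_skill_dir() {
  find "$1" -type f \( -name '*.sh' -o -name '*.md' \) | sort |
    while read -r f; do scan_skill_file "$f"; done
}

# Constructed fixture mimicking the flagged lines; not the real jta installer.
make_fixture() {
  d=$(mktemp -d)
  mkdir -p "$d/scripts"
  cat > "$d/scripts/install.sh" <<'EOF'
#!/bin/sh
if command -v brew >/dev/null 2>&1; then
  brew tap hikanner/jta
  brew install jta
else
  curl -fsSL -o jta "https://github.com/hikanner/jta/releases/latest/download/jta"
  chmod +x jta
  sudo mv jta /usr/local/bin/jta
fi
EOF
  cat > "$d/SKILL.md" <<'EOF'
# jta (constructed fixture)
    jta translate --provider anthropic   # reads $ANTHROPIC_API_KEY
    jta translate --provider openai      # reads $OPENAI_API_KEY
EOF
  printf '%s\n' "$d"
}

scan_skill_dir "$(make_fixture)"
```

Run as-is, the script prints one finding per line with the file and line number of the offending source line, which is the same shape as the Location column below. Because the check is deterministic, its output cannot be talked out of a finding by text in the skill, which is exactly why the HIGH sanity-check finding treats a clean LLM verdict alongside CRITICAL deterministic hits as suspicious.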
Security Findings (5)
| Severity | Finding | Details | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Unpinned external binary download with `sudo` installation | `scripts/install.sh` downloads the `jta` executable from `https://github.com/hikanner/jta/releases/latest/download/` with `curl`. Because the URL uses `/latest/`, whatever the newest release happens to be is fetched and installed, with no version or integrity check. The binary is then moved into `/usr/local/bin/` with `sudo`, so a compromised repository or a malicious release yields arbitrary code execution on the host as root. | Pin to a specific release (e.g. `v1.0.0` rather than `latest`) and verify a SHA256 checksum obtained independently of the download; a tag alone is not immutable, so the checksum is what actually binds the artifact. Avoid `sudo` in skill installers; if a system-wide install is unavoidable, require explicit user consent after verification. | Static | scripts/install.sh:50 |
| CRITICAL | Unpinned Homebrew installation from external tap | `scripts/install.sh` runs `brew tap hikanner/jta` followed by `brew install jta`. A tap is an external Git repository, and `brew install` executes whatever the formula defines; with no version pinning, any change to the `hikanner/jta` formula is installed as-is, so a compromised tap yields arbitrary code execution. | If Homebrew is used, pin the formula to a specific version or commit and review the formula before installing. Prefer a controlled installation path with checksum verification. | Static | scripts/install.sh:34 |
| HIGH | LLM analysis found no issues despite critical deterministic findings | The deterministic layers flagged 2 CRITICAL findings, but the LLM semantic analysis returned clean. A disagreement of this size may indicate prompt injection or analysis evasion aimed at the LLM layer. | Treat the clean LLM verdict as unreliable for this skill and rely on the deterministic findings. | LLM | (sanity check) |
| MEDIUM | Sensitive environment variable access: `$ANTHROPIC_API_KEY` | `$ANTHROPIC_API_KEY` is read in a shell context. | Verify the access is necessary and that the value is not exfiltrated. | Static | jta/SKILL.md:72 |
| MEDIUM | Sensitive environment variable access: `$OPENAI_API_KEY` | `$OPENAI_API_KEY` is read in a shell context. | Verify the access is necessary and that the value is not exfiltrated. | Static | jta/SKILL.md:78 |
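The hardened counterpart of the install path flagged in the two CRITICAL findings, as an added example that is neither the jta project's installer nor SkillShield's output: it refuses `/releases/latest/` URLs, verifies a SHA256 digest supplied out of band, and installs into a user-writable directory so no `sudo` is involved. The release asset name `jta`, the version tags, and the install directory are assumptions.

```shell
#!/bin/sh
# Added example, not the jta project's installer. The release asset name
# "jta" and the version tags are assumptions.
set -eu

# Portable SHA256 of a file: GNU coreutils, then shasum, then openssl.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    openssl dgst -sha256 "$1" | awk '{print $NF}'
  fi
}

# Accept only URLs that name a concrete tag under /releases/download/;
# /releases/latest/ is a mutable pointer and is rejected outright.
check_pinned_url() {
  case "$1" in
    */releases/latest/*) return 1 ;;
    */releases/download/v[0-9]*/*) return 0 ;;
    *) return 1 ;;
  esac
}

# verify_and_install ARTIFACT EXPECTED_SHA256 DEST_DIR
# Installs ARTIFACT as DEST_DIR/jta only if its digest matches EXPECTED_SHA256;
# on mismatch the artifact is deleted and nothing is installed.
verify_and_install() {
  artifact="$1" expected="$2" dest_dir="$3"
  actual=$(sha256_of "$artifact")
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch: expected $expected, got $actual" >&2
    rm -f "$artifact"
    return 1
  fi
  mkdir -p "$dest_dir"
  install -m 0755 "$artifact" "$dest_dir/jta"
}

# install_jta VERSION_TAG EXPECTED_SHA256
# EXPECTED_SHA256 is the digest recorded in the skill's own reviewed manifest,
# not something fetched from the same release. Downloads over HTTPS only.
install_jta() {
  url="https://github.com/hikanner/jta/releases/download/$1/jta"
  check_pinned_url "$url" || { echo "refusing unpinned URL: $url" >&2; return 1; }
  tmp=$(mktemp)
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"
  verify_and_install "$tmp" "$2" "${XDG_BIN_HOME:-$HOME/.local/bin}"
}

# Usage (needs network): install_jta v1.0.0 <sha256 from the reviewed manifest>
```

The expected digest has to come from somewhere the attacker who can swap the binary cannot also write, so a `SHA256SUMS` file published next to the asset does not help; record it in the skill's manifest or a reviewed lockfile and update it deliberately on each version bump. For the Homebrew path, note that `brew pin jta` only freezes an already installed version against `brew upgrade`; it says nothing about what the tap serves on first install, which is why the finding asks for a reviewed formula pinned to a commit.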
Full report: https://skillshield.io/report/c971476624accfba