Trust Assessment
bash-linux received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Skill declares 'Bash' permission, allowing arbitrary command execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill declares 'Bash' permission, allowing arbitrary command execution The skill explicitly declares the 'Bash' permission in its manifest. This grants the ability to execute arbitrary shell commands on the host system. While this permission is fundamental for a skill providing Bash patterns and examples, it represents a significant security risk. An attacker who can successfully prompt the LLM to use this skill could leverage this permission to execute malicious commands, potentially leading to data exfiltration (e.g., using `cat`, `grep`, `curl`), system modification (e.g., `sed -i`, `rm`), or denial of service (e.g., `kill`). The skill's content provides numerous examples of powerful commands that could be exploited if the LLM is prompted to use them maliciously. For skill developers: Ensure that the skill's functionality absolutely requires 'Bash' access. If not, remove or restrict this permission. If 'Bash' access is necessary, consider adding safeguards within the skill's implementation to validate and sanitize any user-provided input before it is passed to shell commands. For LLM integrators: Implement strict input validation and sanitization for any user-provided data that might be passed to Bash commands. Consider sandboxing or least-privilege execution environments for skills with 'Bash' access. Carefully review prompts and LLM outputs before executing commands, especially when 'Bash' permission is involved. | LLM | Manifest:1 | |
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
Scan History
Embed Code
[](https://skillshield.io/report/1cf61e43e57c5797)
Powered by SkillShield