Security Audit
scientific-critical-thinking
github.com/davila7/claude-code-templatesTrust Assessment
scientific-critical-thinking received a trust score of 53/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include Dangerous tool allowed: Bash, Network egress to untrusted endpoints, Covert behavior / concealment directives.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Dangerous tool allowed: Bash The skill allows the 'Bash' tool without constraints. This grants arbitrary command execution. Remove unconstrained shell/exec tools from allowed-tools, or add specific command constraints. | Static | cli-tool/components/skills/scientific/scientific-critical-thinking/SKILL.md:1 | |
| HIGH | Excessive 'Bash' permission for a rubric skill The skill 'scientific-critical-thinking' declares 'Bash' permission in its manifest. However, the skill's primary function, as described in SKILL.md, is to act as a rubric for evaluating scientific rigor. This analytical purpose does not inherently require arbitrary shell command execution. While the skill provides an example of a `bash` command for generating schematics (which is attributed to a separate 'scientific-schematics' skill), this specific skill does not demonstrate any internal logic that necessitates the 'Bash' capability. Granting 'Bash' permission to a purely analytical rubric skill introduces an unnecessary attack surface, as an LLM could be prompted to execute arbitrary commands, potentially leading to command injection if the example is misinterpreted as an instruction to execute. Remove 'Bash' from the 'allowed-tools' list in the skill's manifest. If shell execution is truly required for a specific, limited function, consider wrapping it in a more constrained tool or re-evaluating the skill's scope. For a rubric skill, 'Bash' is generally not appropriate. | Static | SKILL.md:40 | |
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| MEDIUM | Excessive 'Write' and 'Edit' permissions for a rubric skill The skill 'scientific-critical-thinking' declares 'Write' and 'Edit' permissions in its manifest. The skill's described purpose is to evaluate research rigor and provide critical analysis. While 'Read' permission might be justified for accessing research papers, the provided SKILL.md content does not demonstrate any explicit need for 'Write' or 'Edit' capabilities for its core analytical function. Granting these broad filesystem modification permissions without a clear, demonstrated use case increases the risk of unintended data modification or deletion if the LLM were to be manipulated. Remove 'Write' and 'Edit' from the 'allowed-tools' list in the skill's manifest. If the skill is intended to annotate or modify documents, this functionality should be explicitly described and justified, and ideally, more granular permissions or a dedicated tool should be used instead of broad 'Write'/'Edit' access. | Static | SKILL.md:1 | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
Scan History
Embed Code
[](https://skillshield.io/report/087fd7b7d28be3f4)
Powered by SkillShield