Security Audit
torchforge-rl-training
github.com/davila7/claude-code-templates
Trust Assessment
torchforge-rl-training received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 12 findings: 3 critical, 6 high, 1 medium, and 2 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Unpinned dependency `vllm`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (12)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Execution of unknown shell script `install.sh` | The skill recommends executing `./scripts/install.sh`. The content of this script is not provided within the skill package, making it an opaque execution of arbitrary commands. This poses a significant command injection risk, as the script could perform malicious actions, download untrusted code, or modify system settings without the user's explicit knowledge or consent. Recommendation: provide the full source code of `install.sh` for review within the skill package, or replace shell script execution with explicit, auditable commands. If the script is external, warn users about the risks of executing unknown scripts. | LLM | SKILL.md:55 |
| CRITICAL | Execution of unknown shell script `install_rocm.sh` | The skill recommends executing `./scripts/install_rocm.sh`. The content of this script is not provided within the skill package, making it an opaque execution of arbitrary commands. This poses a significant command injection risk, as the script could perform malicious actions, download untrusted code, or modify system settings without the user's explicit knowledge or consent. Recommendation: provide the full source code of `install_rocm.sh` for review within the skill package, or replace shell script execution with explicit, auditable commands. If the script is external, warn users about the risks of executing unknown scripts. | LLM | SKILL.md:65 |
| CRITICAL | Execution of unknown SLURM job script `run_grpo.sh` | The skill recommends submitting a SLURM job using `sbatch run_grpo.sh`. The content of `run_grpo.sh` is not provided within the skill package, making it an opaque execution of arbitrary commands on a cluster. This poses a significant command injection risk, as the script could perform malicious actions, download untrusted code, or compromise the cluster environment. Recommendation: provide the full source code of `run_grpo.sh` for review within the skill package, or replace shell script execution with explicit, auditable commands. Warn users about the risks of executing unknown scripts on shared computing resources. | LLM | SKILL.md:202 |
| HIGH | Unpinned dependency `vllm` | The `vllm` dependency is specified without a strict version pin in the manifest. This can lead to unexpected behavior, breaking changes, or the introduction of vulnerabilities if a new version is released with malicious code or critical bugs. An attacker could potentially publish a malicious package with a higher version number, leading to a supply chain attack. Recommendation: pin the `vllm` dependency to a specific version (e.g., `"vllm==X.Y.Z"`) or at least a major version (e.g., `"vllm~=X.Y"`). | LLM | SKILL.md:1 |
| HIGH | Unpinned dependency `monarch` | The `monarch` dependency is specified without a strict version pin in the manifest. This can lead to unexpected behavior, breaking changes, or the introduction of vulnerabilities if a new version is released with malicious code or critical bugs. An attacker could potentially publish a malicious package with a higher version number, leading to a supply chain attack. Recommendation: pin the `monarch` dependency to a specific version (e.g., `"monarch==X.Y.Z"`) or at least a major version (e.g., `"monarch~=X.Y"`). | LLM | SKILL.md:1 |
| HIGH | Direct execution of Python module via shell | The skill recommends executing a Python module (`apps.sft.main`) directly via a shell command. While this executes an internal Python module, it still represents a command execution point within untrusted content. If the Python module itself contains vulnerabilities (e.g., uses `subprocess` with untrusted input, or performs sensitive operations), it could lead to further compromise. Recommendation: ensure that all Python modules executed via shell commands are thoroughly audited for security vulnerabilities. If possible, provide the source code of `apps.sft.main` for review. | LLM | SKILL.md:72 |
| HIGH | Direct execution of Python module via shell | The skill recommends executing a Python module (`apps.grpo.main`) directly via a shell command. While this executes an internal Python module, it still represents a command execution point within untrusted content. If the Python module itself contains vulnerabilities (e.g., uses `subprocess` with untrusted input, or performs sensitive operations), it could lead to further compromise. Recommendation: ensure that all Python modules executed via shell commands are thoroughly audited for security vulnerabilities. If possible, provide the source code of `apps.grpo.main` for review. | LLM | SKILL.md:77 |
| HIGH | Direct execution of Python module via shell | The skill recommends executing a Python module (`apps.grpo.main`) directly via a shell command. While this executes an internal Python module, it still represents a command execution point within untrusted content. If the Python module itself contains vulnerabilities (e.g., uses `subprocess` with untrusted input, or performs sensitive operations), it could lead to further compromise. Recommendation: ensure that all Python modules executed via shell commands are thoroughly audited for security vulnerabilities. If possible, provide the source code of `apps.grpo.main` for review. | LLM | SKILL.md:137 |
| HIGH | Direct execution of Python module via shell | The skill recommends executing a Python module (`apps.grpo.main`) directly via a shell command. While this executes an internal Python module, it still represents a command execution point within untrusted content. If the Python module itself contains vulnerabilities (e.g., uses `subprocess` with untrusted input, or performs sensitive operations), it could lead to further compromise. Recommendation: ensure that all Python modules executed via shell commands are thoroughly audited for security vulnerabilities. If possible, provide the source code of `apps.grpo.main` for review. | LLM | SKILL.md:209 |
| MEDIUM | Network egress to untrusted endpoints | HTTP request to a raw IP address. Recommendation: review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| LOW | Covert behavior / concealment directives | Multiple zero-width characters (stealth text). Recommendation: remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
| LOW | Direct execution of Python command via shell | The skill recommends executing a simple Python command (`import torch, forge, vllm; print('OK')`) directly via a shell command for verification. While the command itself is benign, it represents a direct shell execution point within untrusted content. If the arguments were dynamically constructed from untrusted input, it could lead to command injection. Recommendation: ensure that all shell commands, even simple ones, are thoroughly reviewed. For verification, consider using a more sandboxed approach if possible, or explicitly state the full command and its purpose. | LLM | SKILL.md:58 |
[Full report](https://skillshield.io/report/6f787d55a68545fa)