Trust Assessment
garrytan/gstack:guard received a trust score of 41/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Dangerous tool allowed: Bash", "Sensitive environment variable access: $HOME", and "Command Injection via User-Provided Path".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on April 29, 2026 (commit e8893a18). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via User-Provided Path.** The skill directly inserts user-provided input into a shell command without proper sanitization or quoting. A malicious user could provide a path like `'; rm -rf /; echo '` to execute arbitrary commands on the host system when the `cd` command is constructed. Always sanitize or properly quote user input before using it in shell commands. For paths, consider using `printf %q` or ensuring the path is validated as a safe directory string. A safer approach would be to use a tool's API for path resolution if available, or to strictly validate the input against allowed characters/patterns before passing it to `cd`. | Static | SKILL.md:39 |
| HIGH | **Dangerous tool allowed: Bash.** The skill allows the 'Bash' tool without constraints. This grants arbitrary command execution. Remove unconstrained shell/exec tools from allowed-tools, or add specific command constraints. | Static | guard/SKILL.md:1 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | guard/SKILL.md:36 |
| MEDIUM | **Relative Path Traversal in PreToolUse Hooks.** The `PreToolUse` hooks reference scripts using relative paths (`../careful/bin/check-careful.sh` and `../freeze/bin/check-freeze.sh`). While the skill description notes these are intended sibling dependencies, relying on relative paths with `CLAUDE_SKILL_DIR` can introduce supply chain risks if the skill directory structure is not strictly enforced or if a malicious skill is placed in a sibling directory, potentially leading to execution of unintended scripts. Consider using absolute paths or a more robust mechanism for referencing dependent skill scripts, perhaps by resolving them through a skill registry or a dedicated environment variable that points directly to the dependency's root. Ensure the skill installation process strictly controls the placement of sibling directories. | Static | Manifest:1 |
| INFO | **Repository Name Collection for Analytics.** The skill collects the name of the current Git repository (if applicable) using `git rev-parse --show-toplevel` and logs it to a local analytics file. While this data is stored locally and likely intended for usage analytics, it constitutes data collection about the user's environment, which could be considered a minor data exfiltration risk if the analytics file were ever accessed externally. Ensure users are aware of data collection practices. If repository names are sensitive, consider hashing them or providing an opt-out mechanism for analytics. | Static | SKILL.md:17 |