Security Audit
Jamkris/everything-gemini-code:skills/canary-watch
github.com/Jamkris/everything-gemini-codeTrust Assessment
Jamkris/everything-gemini-code:skills/canary-watch received a trust score of 3/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 2 high, 2 medium, and 0 low severity. Key findings include File read + network send exfiltration, Missing required field: name, Sensitive path access: AI agent config.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 30, 2026 (commit 6c6f43aa). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/canary-watch/SKILL.md:68 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/canary-watch/SKILL.md:68 | |
| HIGH | Potential Command Injection via URL parameter The skill description indicates that it takes a URL as a primary argument (e.g., `/canary-watch https://myapp.com`). If the underlying implementation uses this user-provided URL directly in shell commands (e.g., `curl`, `wget`, `puppeteer` execution, or system notification commands) without proper sanitization and escaping, a malicious URL containing shell metacharacters could lead to arbitrary command execution on the host system. This is a common vulnerability when processing untrusted input for system calls. Implement robust input validation and sanitization for all URL parameters. When executing external commands or system calls, ensure that all user-provided input is properly escaped or passed as distinct arguments to prevent shell injection. Consider using libraries that abstract away direct shell execution or provide safe command execution mechanisms. | LLM | SKILL.md:39 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/canary-watch/SKILL.md:1 | |
| MEDIUM | Potential Data Exfiltration via User-Configurable Webhooks The skill mentions 'Optional: Slack/Discord webhook' for notifications. If the webhook URL is user-configurable and the skill sends any potentially sensitive information (e.g., monitored URLs, error messages, performance metrics, or other data collected during monitoring) to this webhook, a malicious actor could configure it to point to an attacker-controlled server, leading to data exfiltration. The description does not specify how these webhooks are configured or if there are any restrictions on the URLs or data sent. If webhooks are user-configurable, ensure strict validation of webhook URLs (e.g., allowlisting trusted domains, restricting protocols). Carefully review what data is sent to webhooks and ensure no sensitive information is included. Consider sandboxing or proxying webhook requests to prevent direct access to external networks or to filter content. | LLM | SKILL.md:71 |
Scan History
Embed Code
[](https://skillshield.io/report/faabf61e6d551a61)
Powered by SkillShield