Trust Assessment
last30days received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 2 critical, 3 high, 3 medium, and 0 low severity. Key findings include Unsafe environment variable passthrough, Credential harvesting, Missing required field: name.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. The static_code_analysis layer scored lowest at 49/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Credential harvesting.** Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-t6r63uxx/repo/skills/last30days/scripts/lib/env.py:41 |
| CRITICAL | **Command Injection via User Input in Shell Script.** The `scripts/community_search.sh` script directly interpolates user-controlled input (`$TOPIC`) into a `python3 -c` command without proper escaping. A malicious user can inject arbitrary shell commands by crafting the `TOPIC` input to include a single quote, breaking out of the Python string and executing subsequent commands. To prevent command injection, pass the user input as an argument to the Python script instead of interpolating it directly into the command string. For example, use `python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1]))' "$TOPIC"`. This ensures the input is treated as a literal string argument by Python, even if it contains special characters. | Unknown | scripts/community_search.sh:16 |
| HIGH | **Unsafe environment variable passthrough.** Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-t6r63uxx/repo/skills/last30days/scripts/lib/env.py:41 |
| HIGH | **Prompt Injection in OpenAI/xAI API Calls.** The user-controlled `topic` variable is directly formatted into the `REDDIT_SEARCH_PROMPT` (for OpenAI) and `X_SEARCH_PROMPT` (for xAI) strings. These formatted prompts are then sent to external Large Language Models (LLMs). A malicious user could craft the `topic` to include instructions that attempt to manipulate the behavior of these downstream LLMs, potentially leading to unintended outputs, information disclosure, or other prompt injection attacks. Implement robust input sanitization or use a templating system that separates user input from prompt instructions. Consider using techniques like input validation, escaping special characters, or employing a 'sandwich' prompt structure where user input is clearly delimited and surrounded by system instructions that reinforce the intended task and guard against manipulation. | Unknown | scripts/lib/openai_reddit.py:102 |
| HIGH | **Prompt Injection in OpenAI/xAI API Calls.** The user-controlled `topic` variable is directly formatted into the `REDDIT_SEARCH_PROMPT` (for OpenAI) and `X_SEARCH_PROMPT` (for xAI) strings. These formatted prompts are then sent to external Large Language Models (LLMs). A malicious user could craft the `topic` to include instructions that attempt to manipulate the behavior of these downstream LLMs, potentially leading to unintended outputs, information disclosure, or other prompt injection attacks. Implement robust input sanitization or use a templating system that separates user input from prompt instructions. Consider using techniques like input validation, escaping special characters, or employing a 'sandwich' prompt structure where user input is clearly delimited and surrounded by system instructions that reinforce the intended task and guard against manipulation. | Unknown | scripts/lib/xai_x.py:90 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-t6r63uxx/repo/skills/last30days/SKILL.md:1 |
| MEDIUM | **Suspicious import: urllib.request.** Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-t6r63uxx/repo/skills/last30days/scripts/hn_search.py:15 |
| MEDIUM | **Suspicious import: urllib.request.** Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-t6r63uxx/repo/skills/last30days/scripts/lib/http.py:8 |
Full report: https://skillshield.io/report/770ab33e9156c573