Trust Assessment
sysadmin-toolbox received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Unsanitized argument used in file paths for shell commands, Git repository cloned without specific commit pinning.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsanitized argument used in file paths for shell commands The `scripts/refresh.sh` script uses the first command-line argument (`$1`) to determine the `SKILL_DIR`. This variable is then used in `awk` redirection targets and `wc -l` commands without proper sanitization or validation. An attacker who can control the argument passed to this script could inject arbitrary shell commands, leading to remote code execution or arbitrary file writes. For example, passing a crafted string like `"/tmp/foo; rm -rf /"` could lead to unintended command execution. Validate and sanitize the `$1` argument to ensure it is a valid and safe directory path and does not contain shell metacharacters. Consider using `realpath` to resolve the path and checking for directory existence. Restrict the execution context of the script or ensure the argument is always controlled by a trusted source. | Unknown | scripts/refresh.sh:20 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-q8pw7ji_/repo/skills/sysadmin-toolbox/scripts/refresh.sh:9 | |
| MEDIUM | Git repository cloned without specific commit pinning The `scripts/refresh.sh` script clones `https://github.com/trimstray/the-book-of-secret-knowledge.git` using `--depth 1`, which fetches only the latest commit. This means the skill's reference content is not pinned to a specific version. If the upstream repository were to be compromised, malicious content could be introduced into the skill's local reference files without explicit review, posing a supply chain risk. While the current skill is a rubric, this could lead to the LLM being fed malicious instructions or data if the skill's interpretation or execution context changes in the future. Pin the `git clone` operation to a specific commit hash (e.g., `git clone "$REPO_URL" "$TEMP_DIR" && cd "$TEMP_DIR" && git checkout <commit_hash>`). Implement a review process for upstream changes before updating the pinned hash to ensure integrity. | Unknown | scripts/refresh.sh:15 |
Scan History
Embed Code
[](https://skillshield.io/report/8f7d001817a7e19b)
Powered by SkillShield