Security Audit
csctf
github.com/Mrc220/agent_flywheel_clawdbot_skills_and_integrations
Trust Assessment
csctf received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 3 high, 0 medium, and 0 low severity. Key findings include an unsafe `curl | bash` installation method, access to and temporary handling of sensitive Chrome session cookies, and potential command injection in GitHub Pages publishing arguments.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. The static_code_analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit c7bd8e0f). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unsafe `curl \| bash` installation method. The recommended installation method for the `csctf` CLI tool involves piping a remote script directly to `bash` (`curl -fsSL ... \| bash`). This practice is a significant supply chain risk, as it executes arbitrary code from a remote server without prior user review or integrity verification by default. A compromised GitHub repository or a man-in-the-middle attack could lead to the execution of malicious code on the user's system. While a `--verify` option is mentioned, it is not part of the recommended one-liner. Advise users to download the `install.sh` script, review its contents, and then execute it locally. Alternatively, provide instructions for using the `--verify` option with a known good checksum, or distribute the tool via a package manager that includes integrity checks. | Unknown | SKILL.md:30 |
| HIGH | Access and temporary handling of sensitive Chrome session cookies. For handling Claude.ai conversations, the tool explicitly states it 'Copies your Chrome session cookies to a temporary profile' and uses them for a single scraping session. While described as temporary and securely handled, this process involves accessing and manipulating highly sensitive user authentication data (session cookies) from the user's active Chrome profile. A vulnerability in the tool's implementation, its dependencies, or the temporary profile cleanup mechanism could lead to the persistence, exfiltration, or misuse of these cookies, potentially compromising the user's Claude.ai session or other linked services. Provide a detailed explanation of the cookie handling mechanism, including the exact location of the temporary profile, the methods used to copy and secure cookies, and guarantees for their deletion. Explore alternative authentication methods for Claude.ai that do not require direct cookie manipulation, if available. Clearly document the risks associated with this operation for users. | Unknown | SKILL.md:60 |
| HIGH | Potential command injection in GitHub Pages publishing arguments. The GitHub Pages publishing feature relies on invoking the external `gh` (GitHub CLI) tool and potentially `git` commands. User-supplied values for options like `--gh-pages-repo`, `--gh-pages-branch`, and `--gh-pages-dir` are passed as arguments to these shell commands. If these inputs are not rigorously sanitized and properly quoted before execution, a malicious user could craft an input that breaks out of the intended argument and injects arbitrary shell commands, leading to command injection. For example, a repository name like `myuser/myrepo; rm -rf /` could be dangerous if not handled correctly. Implement robust input validation and sanitization for all user-provided arguments passed to external shell commands. Ensure that arguments are properly escaped or quoted to prevent shell metacharacters from being interpreted as commands. Use libraries or frameworks that provide secure command execution functions. | Unknown | SKILL.md:170 |