Security Audit
ghostty
github.com/Mrc220/agent_flywheel_clawdbot_skills_and_integrationsTrust Assessment
ghostty received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution via '-e' flag, Sensitive file access or data exfiltration via '--config-file' and '--working-directory'.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 6a655802). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution via '-e' flag The `ghostty` skill documentation explicitly states that the `-e` flag can be used to 'Start with command: `ghostty -e "htop"`'. If the command string passed to the `-e` flag is constructed using untrusted user input, an attacker can inject and execute arbitrary shell commands on the host system with the permissions of the agent. This is a direct and severe command injection vulnerability, allowing for full system compromise. When using the `ghostty` skill, ensure that any arguments passed to the `-e` flag are strictly validated, sanitized, or come from a trusted source. Ideally, avoid allowing user-controlled input to directly form the command string for `-e`. If user input is necessary, use an allow-list approach for commands or escape all special shell characters to prevent injection. | LLM | SKILL.md:63 | |
| HIGH | Sensitive file access or data exfiltration via '--config-file' and '--working-directory' The skill describes options like `ghostty --config-file=/path/to/config` and `ghostty --working-directory=/path/to/dir`. If the `/path/to/config` or `/path/to/dir` arguments are derived from untrusted user input, an attacker could specify paths to sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, `/var/log/auth.log`). Using `--config-file` could lead to `ghostty` attempting to read and parse arbitrary files, potentially exposing their content if `ghostty`'s output is captured by the LLM, or causing unexpected behavior. Using `--working-directory` could set the context for subsequent commands to a sensitive location, facilitating access to restricted files or directories. Implement strict validation and sanitization for file paths and directory paths provided to `ghostty` via `--config-file` and `--working-directory`. Restrict paths to known safe locations or use an allow-list approach. Avoid allowing arbitrary user-controlled paths. | LLM | SKILL.md:60 |
Scan History
Embed Code
[](https://skillshield.io/report/02715ffb03da990c)
Powered by SkillShield