Security Audit
ubs
github.com/Mrc220/agent_flywheel_clawdbot_skills_and_integrationsTrust Assessment
ubs received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Remote code execution: curl/wget pipe to shell, Unpinned remote script execution from external repository.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 6a655802). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/ubs/SKILL.md:260 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/ubs/SKILL.md:260 | |
| CRITICAL | Unpinned remote script execution from external repository The skill instructs users to install a tool by directly piping an unpinned remote script from an external GitHub repository (`https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/master/install.sh`) to `bash`. This repository (`Dicklesworthstone/ultimate_bug_scanner`) is different from the skill's declared repository (`Mrc220/agent_flywheel_clawdbot_skills_and_integrations`). This allows for arbitrary code execution during installation, and the content of the script can change at any time without notice, posing a severe supply chain risk. A malicious actor gaining control of the `Dicklesworthstone` repository could compromise all installations. 1. **Verify Source**: Clarify the relationship between the `Mrc220` and `Dicklesworthstone` repositories. If `Dicklesworthstone` is a legitimate dependency, it should be explicitly declared as such. 2. **Pin Version**: Do not use `master` branch for installation. Pin to a specific commit hash, tag, or release version to ensure deterministic installations. 3. **Local Inclusion/Mirroring**: For critical dependencies, consider including the installation script or binary directly within the skill package or mirroring it from a trusted, controlled source. 4. **Review Script**: Thoroughly review the `install.sh` script for any malicious or overly permissive actions. | LLM | SKILL.md:250 | |
| HIGH | Potential data exfiltration via broad filesystem access by untrusted binary The `ubs` tool, installed from an unverified and unpinned external source (as identified in SS-LLM-006), is designed to scan entire projects (`ubs .`, `ubs /path/to/project`). This grants the tool broad read access to all files within a project directory. If the `ubs` binary or its installation script is compromised, it could exfiltrate sensitive user data, source code, or configuration files from the scanned projects. The agent integration hooks (`.claude/hooks/on-file-write.sh` example at line 190) further automate the execution of this potentially malicious tool on user files. Address the root supply chain risk (SS-LLM-006) first. Ensure the `ubs` tool is sourced from a trusted, verified, and pinned location. Implement sandboxing or least-privilege execution environments for such tools, especially when integrated into automated workflows like agent hooks. | LLM | SKILL.md:41 |
Scan History
Embed Code
[](https://skillshield.io/report/a22bc825283e6b11)
Powered by SkillShield