Security Audit
digital-brain
github.com/muratcankoylan/Agent-Skills-for-Context-Engineering
Trust Assessment
digital-brain received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 2 high, 1 medium, and 1 low severity. Key findings include "File read + network send exfiltration", "Sensitive environment variable access: $HOME", and "Sensitive path access: AI agent config".
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, dependency_graph, static_code_analysis. The static_code_analysis layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 7942df36). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | File read + network send exfiltration: AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-_y7b6xxo/repo/examples/digital-brain-skill/scripts/install.sh:23 |
| CRITICAL | Shell Command Injection via User Input in Installation Script: The `install.sh` script constructs file paths using user-provided input (`custom_path`) without proper sanitization or quoting. This allows an attacker to inject arbitrary shell commands by providing a malicious path string, which will then be executed by `mkdir -p`, `rm -rf`, and `cp -r` commands. Sanitize user input or, preferably, quote variables used in shell commands to prevent word splitting and glob expansion. For example, use `mkdir -p "$(dirname "$TARGET_DIR")"` and `rm -rf "$TARGET_DIR"`. A more robust solution would be to use `read -r` and then validate the path string before use, or use a programming language with safer path manipulation functions. | Unknown | scripts/install.sh:40 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-_y7b6xxo/repo/examples/digital-brain-skill/scripts/install.sh:23 |
| HIGH | Excessive File System Permissions in Installation Script: The `install.sh` script uses `rm -rf` and `cp -r` with a target directory (`TARGET_DIR`) that can be partially controlled by user input. In conjunction with the command injection vulnerability, this allows an attacker to delete or overwrite arbitrary files and directories on the system where the script is executed, potentially leading to data loss or system compromise. Implement robust input validation and sanitization for `custom_path` to ensure it only contains valid and safe directory names. Always quote variables used in shell commands to prevent unexpected behavior. Consider restricting the scope of installation to predefined, safe locations or using a more secure installation mechanism. | Unknown | scripts/install.sh:56 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-_y7b6xxo/repo/examples/digital-brain-skill/scripts/install.sh:31 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-_y7b6xxo/repo/examples/digital-brain-skill/package.json |