Trust Assessment
37soul received a trust score of 10/100, placing it in the Untrusted category. The skill has security findings that must be resolved before it is used in production.
SkillShield's automated analysis reported 14 findings: 6 critical, 1 high, 7 medium, and 0 low severity. Eleven of them are one underlying issue seen from two layers: the Manifest layer flags persistence / self-modification instructions (shell RC file modification) at five lines of save_token.sh and one line of translate_to_english.py, and the Static layer flags the same five save_token.sh lines as a shell RC file modification pattern. The remaining findings are a high-severity shell command injection risk in the token-parsing instructions of SKILL.md and two potential hardcoded secrets (high-entropy strings). A script named save_token.sh that writes to shell profiles deserves a manual read: if it is the API token itself that is being appended to the profile, the finding is a secrets-handling problem as well as a persistence one.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. Manifest Analysis scored lowest at 0/100; it is the layer that produced all six critical findings.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (14)

Identical findings are grouped into one row with all of their locations; the count per row is shown with the severity.

| Severity | Finding | Description and remediation | Layer | Location(s) |
|---|---|---|---|---|
| CRITICAL (6) | Persistence / self-modification instructions | Shell RC file modification for persistence. Remove any persistence mechanisms: skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/xnjiang/37soul-skill/save_token.sh:18, :23, :33, :34, :74; skills/xnjiang/37soul-skill/translate_to_english.py:55 |
| HIGH (1) | Shell command injection via API token parsing | The skill instructs the AI agent to extract the API token from `~/.config/37soul/credentials.json` with a `cat \| grep \| cut` pipeline. That pipeline assumes a fixed JSON layout (one key per line, the value as a particular `"`-delimited field) and silently returns the wrong field when the file is minified or its keys are reordered; and if the extracted value is later spliced unquoted into a command line, or into a string handed to `eval` or `sh -c`, shell metacharacters in the token (e.g. `";`) change what the shell runs. An attacker who can modify credentials.json could therefore execute arbitrary commands when the agent loads the token; the pattern appears in the token verification steps. Remediation: extract the value with a JSON parser, e.g. `SOUL_API_TOKEN=$(jq -r '.api_token' "$CREDS_FILE")`, and always pass it as a quoted argument (`"$SOUL_API_TOKEN"`) rather than interpolating it into a string that a shell re-parses. `jq -r` yields the literal value; it is the quoting at the point of use that prevents injection. | LLM | SKILL.md:61 |
| MEDIUM (2) | Potential hardcoded secret (high entropy) | A high-entropy string was found in a credential-like context (entropy 4.75 at SKILL.md:122, 4.90 at test_token.sh:5). Verify this is not a hardcoded secret; use environment variables for sensitive values. | Static | skills/xnjiang/37soul-skill/SKILL.md:122; skills/xnjiang/37soul-skill/test_token.sh:5 |
| MEDIUM (5) | Persistence mechanism: shell RC file modification | Detected a shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this pattern; skills should not modify system startup configuration. | Static | skills/xnjiang/37soul-skill/save_token.sh:18, :23, :33, :34, :74 (the same lines as the critical Manifest finding) |
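The two checks below are an added example for reviewers of a skill like this one; they are not SkillShield's scanner and not the 37soul skill's own code. The first flags shell lines that write to shell RC files (the persistence findings in the table). The second shows where the `cat | grep | cut` token extraction really breaks and where metacharacters in the token become dangerous (the HIGH finding). The `save_token.sh` text, the `credentials.json` layouts and the `cut -d'"' -f4` form of the pipeline are all constructed assumptions, as are the `use_token_*` helpers standing in for whatever command the agent runs with the token.

```python
"""Added example (not SkillShield's and not the 37soul skill's code).

1. find_rc_modifications(): flag executable shell lines that write to an RC file.
2. extract_token_*() / use_token_*(): show that grep|cut misparses JSON, and that
   the injection happens where the token is spliced into a shell string, not
   where it is read.
Every input below is constructed for illustration; save_token.sh and the
credentials.json layouts are assumptions, not the skill's real files.
"""
import json
import re
import subprocess
from typing import List, Tuple

# --- 1. persistence: writes to shell RC files ------------------------------
RC_FILE = r"(?:~|\$HOME)/\.(?:bashrc|bash_profile|zshrc|zprofile|zshenv|profile)\b"
RC_WRITE_PATTERNS = [
    ("append_redirect", re.compile(r">>\s*\"?" + RC_FILE)),          # >> ~/.zshrc
    ("overwrite_redirect", re.compile(r"(?<![>\d&])>\s*\"?" + RC_FILE)),  # > ~/.zshrc
    ("tee", re.compile(r"\btee\s+(?:-a\s+)?\"?" + RC_FILE)),         # | tee -a ~/.bashrc
    ("in_place_edit", re.compile(r"\bsed\s+-i\b.*" + RC_FILE)),      # sed -i ... ~/.profile
]


def find_rc_modifications(script: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, pattern, line) for every executable line that writes an RC file."""
    hits = []
    for n, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comments are not executed, so they are not persistence
        for name, pat in RC_WRITE_PATTERNS:
            if pat.search(line):
                hits.append((n, name, line.strip()))
                break
    return hits


SAMPLE_SAVE_TOKEN_SH = """#!/bin/bash
# constructed sample, not the skill's save_token.sh
TOKEN="$1"
mkdir -p ~/.config/37soul
printf '{"api_token": "%s"}\\n' "$TOKEN" > ~/.config/37soul/credentials.json
echo "export SOUL_API_TOKEN=$TOKEN" >> ~/.bashrc
echo "export SOUL_API_TOKEN=$TOKEN" | tee -a ~/.zshrc
# echo "export SOUL_API_TOKEN=$TOKEN" >> ~/.profile
grep -c SOUL_API_TOKEN ~/.zshrc > /dev/null
"""


# --- 2. token extraction: fragile parsing vs. the real injection point -----
def extract_token_grep_cut(creds: str) -> str:
    """Emulate `grep api_token | cut -d'"' -f4` (assumed form of the flagged pipeline)."""
    for line in creds.splitlines():
        if "api_token" in line:
            fields = line.split('"')
            return fields[3] if len(fields) > 3 else ""
    return ""


def extract_token_json(creds: str) -> str:
    """What `jq -r '.api_token'` does: parse the document, then read the key."""
    token = json.loads(creds).get("api_token")
    if not isinstance(token, str) or not token:
        raise ValueError("api_token missing or not a string")
    return token


PRETTY = '{\n  "api_token": "abc123",\n  "user": "xnjiang"\n}\n'       # constructed
MINIFIED = '{"user":"xnjiang","api_token":"abc123"}'                   # same data, other layout
HOSTILE = '{"api_token": "abc\'; echo INJECTED; echo \'"}'             # metacharacters, valid JSON


def use_token_unsafe(token: str) -> str:
    """The bug: the token is spliced into a command string that a shell re-parses."""
    cmd = f"printf '%s\\n' 'Authorization: Bearer {token}'"
    return subprocess.run(["sh", "-c", cmd], capture_output=True, text=True).stdout


def use_token_safe(token: str) -> str:
    """Fix: the token reaches the shell as a positional parameter, never as code."""
    argv = ["sh", "-c", "printf '%s\\n' \"$1\"", "_", f"Authorization: Bearer {token}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    for hit in find_rc_modifications(SAMPLE_SAVE_TOKEN_SH):
        print("persistence: line %d (%s): %s" % hit)
    print("grep|cut on minified JSON:", repr(extract_token_grep_cut(MINIFIED)))
    print("json parser on minified JSON:", repr(extract_token_json(MINIFIED)))
    print("unsafe use:", repr(use_token_unsafe(extract_token_json(HOSTILE))))
    print("safe use:  ", repr(use_token_safe(extract_token_json(HOSTILE))))
```

On the minified layout the emulated pipeline returns `xnjiang` (the fourth `"`-delimited field of the only line) while the JSON parser returns `abc123`; on the hostile file both extractors return the same token, and it is only the unsafe use site that lets `echo INJECTED` run. Running the scanner over a real skill means feeding it each shell script under the skill directory; the comment-skipping is deliberate so that documentation in the script does not count as persistence.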
Full report: https://skillshield.io/report/e77276b65a8a276e