Trust Assessment
acorn-prover received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are unsanitized user-provided arguments in shell commands and a requirement for broad file system access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unsanitized user-provided arguments in shell commands. The skill instructs the LLM to execute `acorn` commands with arguments that can be directly influenced by user input, specifically `<filename>.ac` for `verify` and the `DIR` argument for `training` and `docs`. The skill definition does not specify any sanitization or validation for these arguments before they are passed to the shell. An attacker could provide input containing shell metacharacters (e.g., `"; rm -rf /"`, `` `malicious_command` ``) which would be executed by the shell, leading to arbitrary command execution on the host system. Recommendation: Implement robust input validation and sanitization for all user-provided arguments that are passed to shell commands. For filenames and directory paths, ensure they conform to expected formats and do not contain any shell metacharacters. When constructing shell commands, always use a method that properly escapes arguments, such as `shlex.quote()` in Python, to prevent injection. | LLM | SKILL.md:49 |
| MEDIUM | Skill requires broad file system access. The skill's setup process requires the user to specify `ACORN_LIB` and `ACORN_PROJECT` paths, which can be arbitrary directories on the file system. While the `scripts/setup.sh` script validates that these paths exist as directories, the skill, through the `acorn` tool, gains broad read and potentially write access to these specified locations and their contents. This broad access, if combined with other vulnerabilities (e.g., command injection or a flaw in the `acorn` tool itself), could be leveraged for unauthorized data access, modification, or exfiltration from sensitive areas of the file system. Recommendation: Evaluate if the required scope of file system access can be narrowed. If not, clearly communicate the security implications of providing these paths to the user. Ensure that all operations performed within these paths are strictly controlled and that the `acorn` tool itself operates with the principle of least privilege. Consider sandboxing the skill's execution environment to limit its impact. | LLM | SKILL.md:12 |