Trust Assessment
agent-linguo received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include "Missing required field: name", "Node lockfile missing", and "LLM instructed to interpret and respond to untrusted protocol".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | LLM instructed to interpret and respond to untrusted protocol. The skill explicitly instructs the host LLM on how to interpret and respond to messages prefixed with '👽'. This creates a direct prompt injection vector where untrusted input using this prefix can manipulate the LLM's behavior, potentially leading to unintended actions or information disclosure. The skill defines a 'Human-Unreadable' language, which, if interpreted by an LLM, could bypass safety mechanisms and allow an attacker to issue arbitrary commands. Implement strict input validation and sanitization for any input that might be interpreted as Agent Lingua. Ensure the LLM's core instructions are robust against manipulation by this protocol. Consider sandboxing the interpretation of Agent Lingua commands to prevent direct execution or sensitive data access. | LLM | SKILL.md:170 |
| HIGH | Agent instructed to fetch external protocol specification. The skill instructs the agent to fetch the full protocol specification from an external URL (`https://clawhub.ai/xiwan/agent-linguo`) when it encounters the signature `--👽lingua/[version]@agent-lingua`. This introduces a significant supply chain risk, as the content at the external URL could be compromised or malicious, potentially leading to the agent executing harmful instructions or exfiltrating data. Additionally, fetching external content can expose the agent's environment (e.g., IP address, user agent) to the external server, posing a data exfiltration risk. Avoid fetching external specifications dynamically. If external fetching is absolutely necessary, implement strict content validation, integrity checks (e.g., cryptographic signatures), and ensure the URL is pinned to a trusted, immutable source. Consider proxying requests through a secure gateway to prevent direct exposure of the agent's environment. | LLM | SKILL.md:19 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/xiwan/agent-linguo/SKILL.md:1 |
| LOW | Node lockfile missing. package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/xiwan/agent-linguo/package.json |