Trust Assessment
agent-republic received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Credentials file path override via environment variable, Shell command injection in bot status/verify commands, JSON injection via direct string interpolation in API calls.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Credentials file path override via environment variable | LLM | agent_republic.sh:11 |
| HIGH | Shell command injection in bot status/verify commands | LLM | agent_republic.sh:130 |
| MEDIUM | JSON injection via direct string interpolation in API calls | LLM | agent_republic.sh:23 |

HIGH: Credentials file path override via environment variable (agent_republic.sh:11)

The Python snippet embedded in `get_api_key` resolves the credentials file with `os.environ.get('CRED_FILE', '~/.config/agentrepublic/credentials.json')`. Anyone who can set `CRED_FILE` in the script's environment before it runs can point it at a different file, so the script reads, and then presents as its credential, whatever that file contains. Note the precondition: setting a variable in the script's environment usually means controlling the invoking shell or parent process, so the realistic exposure is a launcher that forwards environment variables from untrusted configuration into the skill. Remediation: resolve the path once in the shell script and hand it to the interpreter as an argument (for example `python3 - "$cred_file"`, read in Python from `sys.argv[1]`) instead of consulting `os.environ` inside the Python code. Simply referencing the shell variable `CRED_FILE` does not help, because the Python process can only see it if it is exported, at which point it is an environment variable again.

HIGH: Shell command injection in bot status/verify commands (agent_republic.sh:130)

`cmd_bot_status` and `cmd_bot_verify` interpolate the user-supplied `$ident` argument into the `curl` URL without validation or quoting. Two corrections to the reasoning as originally reported: plain variable expansion does not re-parse the expanded value for `;`, `|`, `&` or `$(...)`, so `agent_republic.sh bot-status '123; rm -rf /'` executes `rm` only if the script first assembles the command line into a string and passes it through `eval` or `sh -c`. What an unquoted expansion does do is word-split and glob-expand the value, so an identifier such as `123 -o /tmp/out` turns into extra `curl` arguments (`-o` writes the response to a path of the caller's choosing), and any value that reaches the URL is placed in the path unencoded, where segments such as `../` or `?` change which endpoint is called. Remediation: validate `$ident` against the format the API actually uses (UUID or alphanumeric) before using it, double-quote every expansion (`"$ident"`), and pass the assembled URL with `--url` so it can never be interpreted as an option. `printf %q` is a bash-only quoting helper for text that will be re-read by a shell and does not help when the value is used directly as an argument; `--data-urlencode` applies to request data, not to path segments.

MEDIUM: JSON injection via direct string interpolation in API calls (agent_republic.sh:23)

`cmd_register` and `cmd_run` interpolate user-supplied arguments (`$name`, `$desc`, `$statement`) directly into JSON payloads inside `curl` commands. An argument containing an unescaped double quote (`"`) or backslash (`\`) breaks the JSON structure; at best the request is malformed and the API rejects it, at worst a value such as `x","admin":true` adds fields the caller never intended, if the server accepts them. Remediation: never build JSON by string concatenation. Construct the payload with a tool that escapes for you, for example `jq -n --arg name "$name" --arg desc "$desc" '{name: $name, description: $desc}'`, or with a Python snippet that takes the arguments and serialises them with `json.dumps()`, as `cmd_forum_post` already does.
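The following helpers show the fixes for the second and third findings in working POSIX shell: strict identifier validation before the value can reach a URL or the `curl` command line, a demonstration of why the unquoted expansion matters, and JSON string escaping so that a payload cannot be broken out of. This is an added example and is not code from the agent-republic script or from the SkillShield report; the base URL `API_BASE`, the `/bots/<id>/<action>` path, the letters-digits-hyphens identifier format, and the `name`/`description` field names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not agent-republic's code: safe handling of a user-supplied
# identifier in a curl URL, and JSON payload construction without string
# interpolation. API_BASE, the /bots/<id>/<action> path, the identifier
# format and the payload field names are assumptions for illustration.
API_BASE="https://api.example.invalid"

# Why quoting matters: the same value becomes one argument when the
# expansion is quoted and three when it is not (word splitting). In the
# unquoted form curl would parse "--output" as an option, not as data.
unquoted_argc() { set -- $1; echo $#; }
quoted_argc()   { set -- "$1"; echo $#; }

# Accept only identifiers made of letters, digits and hyphens (assumed
# format, which covers UUIDs). Anything else is rejected before it can
# reach the URL path or the curl command line.
validate_ident() {
  case "$1" in
    ""|*[!0-9A-Za-z-]*) return 1 ;;
  esac
  return 0
}

# Build the URL for a bot action. The identifier is validated first and
# every expansion is double-quoted. Call it as
#   curl -fsS --url "$(bot_url status "$ident")"
# so the result can never be read as a curl option.
bot_url() {
  action=$1
  ident=$2
  validate_ident "$ident" || return 1
  printf '%s/bots/%s/%s\n' "$API_BASE" "$ident" "$action"
}

# Escape a string for use inside a JSON string literal: backslash, double
# quote, tab, carriage return and newline. Walking the input character by
# character in awk avoids the backslash rules of gsub replacement strings.
json_escape() {
  printf '%s\n' "$1" | awk '
    {
      if (NR > 1) out = out "\\n"
      for (i = 1; i <= length($0); i++) {
        c = substr($0, i, 1)
        if (c == "\\")      out = out "\\\\"
        else if (c == "\"") out = out "\\\""
        else if (c == "\t") out = out "\\t"
        else if (c == "\r") out = out "\\r"
        else                out = out c
      }
    }
    END { printf "%s", out }'
}

# Registration payload built from escaped fields. A description such as
# x","admin":true can no longer add a field of its own.
register_payload() {
  printf '{"name":"%s","description":"%s"}' \
    "$(json_escape "$1")" "$(json_escape "$2")"
}

# Demonstration on constructed inputs.
validate_ident '123; rm -rf /' || echo "rejected identifier"
bot_url status 2f1c-demo
register_payload 'my bot' 'says "hi"'
echo
```

`validate_ident` deliberately rejects rather than sanitises: an identifier that needs characters outside the expected alphabet is a bug in the caller, not something to repair. `json_escape` covers the characters a CLI argument realistically carries; for arbitrary binary input, or for nested structures, `jq` or `json.dumps()` remain the better tools.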
Full report: https://skillshield.io/report/45b1fba773d29724