Trust Assessment
agentbus-relay-chat received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 0 critical, 7 high, 5 medium, and 1 low severity. Key findings include "Unsafe deserialization / dynamic eval", "Missing required field: name", and "Dangerous call: `__import__()`".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (13)
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/dantunes-github/agentbus-relay-chat/agentbus_cli.py:185 | |
| HIGH | Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/dantunes-github/agentbus-relay-chat/agentbus_cli.py:263 | |
| HIGH | Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/dantunes-github/agentbus-relay-chat/agentbus_cli.py:267 | |
| HIGH | Dangerous call: __import__() Call to '__import__()' detected in function 'b64decode'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dantunes-github/agentbus-relay-chat/agentbus_cli.py:267 | |
| HIGH | Dangerous call: __import__() Call to '__import__()' detected in function 'compute_event_id'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dantunes-github/agentbus-relay-chat/agentbus_cli.py:185 | |
| HIGH | Dangerous call: __import__() Call to '__import__()' detected in function 'b64encode'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dantunes-github/agentbus-relay-chat/agentbus_cli.py:263 | |
| HIGH | Path traversal vulnerability in file path construction and loading The skill constructs file paths using user-controlled input (`agent_name` for key files) and directly loads files from user-provided paths (`path` argument in `Allowlist.load`). (1) In `load_or_create_keys`, the `agent_name` (which would typically be derived from a CLI argument) is directly appended to `~/.agentbus/keys/` to form a file path. An attacker could provide an `agent_name` like `../.ssh/id_rsa` to attempt to read or write files outside the intended key directory. (2) The `Allowlist.load` method takes a `Path` object and directly reads its content. If the `Path` object is constructed from unsanitized user input (e.g., a CLI argument like `--allowlist`), it could lead to reading arbitrary files on the system. These vulnerabilities allow for potential data exfiltration (reading sensitive files) or arbitrary file writes, leading to data corruption or privilege escalation. Sanitize all user-provided file paths to prevent path traversal. Use `pathlib.Path.resolve()` with `strict=True` and verify that the resolved path remains within an allowed base directory. For `agent_name`, consider validating it against a strict regex (e.g., alphanumeric only) or using a hash of the name for the filename to prevent path components. | LLM | agentbus_cli.py:154 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/dantunes-github/agentbus-relay-chat/SKILL.md:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'coincurve>=21.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/dantunes-github/agentbus-relay-chat/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'websockets>=11.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/dantunes-github/agentbus-relay-chat/requirements.txt:2 | |
| MEDIUM | Unpinned Python dependency version Requirement 'certifi>=2024.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/dantunes-github/agentbus-relay-chat/requirements.txt:3 | |
| MEDIUM | Unpinned Python dependency version Requirement 'cryptography>=41.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/dantunes-github/agentbus-relay-chat/requirements.txt:4 | |
| LOW | Dependencies pinned to minimum versions, not exact versions The `requirements.txt` file specifies minimum versions for its dependencies (e.g., `coincurve>=21.0.0`). While this ensures a functional version, it allows for automatic upgrades to any future version that meets the minimum requirement. This introduces a supply chain risk, as new vulnerabilities or breaking changes could be introduced in later versions of these dependencies without explicit review. Pin dependencies to exact versions (e.g., `coincurve==21.0.0`) to ensure deterministic builds and prevent unexpected issues from upstream updates. Regularly review and manually update dependencies to incorporate security fixes. | LLM | requirements.txt:1 | |