Trust Assessment
ai-marketing-videos received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Remote code execution: curl/wget pipe to shell, Undeclared arbitrary shell execution via `curl | sh`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/okaris/ai-marketing-videos/SKILL.md:9 |
| CRITICAL | **Remote code execution: curl/wget pipe to shell.** Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/okaris/ai-marketing-videos/SKILL.md:9 |
| CRITICAL | **Undeclared arbitrary shell execution via `curl \| sh`.** The skill's manifest declares `Bash(infsh *)` permissions, implying it should only execute commands starting with `infsh`. However, the 'Quick Start' section includes `curl -fsSL https://cli.inference.sh \| sh`. This command downloads and executes an arbitrary script from a remote URL (`inference.sh`) using `sh`. This bypasses the declared permission scope, allowing for arbitrary command execution on the host system. It also introduces a significant supply chain risk as the content of the remote script is not pinned or verified, making the system vulnerable to compromise if the remote source is malicious or compromised. 1. **Update declared permissions**: If `curl` and `sh` execution are truly necessary, the skill's manifest must declare `Bash(*)` or `Bash(curl *, sh *)` to accurately reflect its capabilities. 2. **Remove arbitrary execution**: Ideally, avoid `curl \| sh`. If a setup script is needed, it should be part of the skill package itself and executed with explicit permission, or the `infsh` tool should be installed via a more secure, sandboxed method. 3. **Pin versions**: If remote scripts must be executed, implement hash verification to ensure integrity and prevent tampering. | LLM | SKILL.md:10 |
| HIGH | **Undeclared `npx` command execution.** The skill's manifest declares `Bash(infsh *)` permissions, but the 'Related Skills' section uses `npx skills add ...` commands. `npx` is a Node.js package runner and is not covered by the `infsh *` permission. This constitutes an attempt to execute commands outside the declared scope, potentially leading to unauthorized actions if the LLM executes it. This is a clear violation of the principle of least privilege. 1. **Update declared permissions**: If `npx` execution is necessary, the skill's manifest must declare `Bash(npx *)` or `Bash(*)` to accurately reflect its capabilities. 2. **Use `infsh` equivalent**: If `infsh` provides a way to add skills, use that instead to stay within the declared permission scope. | LLM | SKILL.md:204 |
| MEDIUM | **Unpinned `npx` skill dependencies.** The skill uses `npx skills add inference-sh/agent-skills@<skill-name>` without specifying a precise version (e.g., `@1.2.3`). This means that `npx` will fetch the latest available version of the skill. If a future version of `inference-sh/agent-skills` introduces malicious code or vulnerabilities, it could compromise the system when the skill is added. This lack of version pinning creates a supply chain risk. Pin all `npx` skill dependencies to specific, immutable versions (e.g., `inference-sh/agent-skills@ai-video-generation@1.0.0`) to ensure deterministic and secure installations. | LLM | SKILL.md:204 |