Trust Assessment
ai-quota-check received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 1 high, 2 medium, and 0 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Potential Command Injection via `execSync` with unverified input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 3/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kr1json/ai-quota-check/index.js:14 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kr1json/ai-quota-check/index.js:200 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kr1json/ai-quota-check/index.js:206 | |
| HIGH | Potential Command Injection via `execSync` with unverified input The `index.js` script imports and likely uses `child_process.execSync`, which executes arbitrary shell commands. The skill is designed to accept command-line arguments (e.g., `--current-model`, `--task`) as indicated in the `SKILL.md` usage examples. If these arguments, or any other external input, are directly interpolated into an `execSync` call without proper sanitization or escaping, an attacker could inject malicious commands, leading to arbitrary code execution on the host system. The provided `index.js` content is truncated, preventing a full analysis of all `execSync` usages and input handling. Review all instances where `execSync` is used. Ensure that any variables derived from user input (e.g., command-line arguments, environment variables, file contents) are thoroughly sanitized and escaped before being passed to `execSync`. Consider using `child_process.spawn` with an array of arguments for safer execution, as it avoids shell interpretation, or specific Node.js APIs that do not involve shell execution. | LLM | index.js:15 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/kr1json/ai-quota-check/index.js:98 | |
| MEDIUM | Broad system command execution capability The skill utilizes `child_process.execSync`, which grants it the ability to execute arbitrary shell commands on the host system. While this might be necessary for its stated functionality (e.g., interacting with `codex` CLI tools, though not explicitly shown in the snippet), it represents a powerful permission. If combined with a command injection vulnerability (as noted in SS-LLM-003), it significantly increases the risk of system compromise. Even if currently used safely, the primitive itself allows for broad system interaction. Evaluate if `execSync` is strictly necessary for all operations. If possible, replace it with more constrained APIs or specific Node.js modules that achieve the desired functionality without invoking a shell. If `execSync` must be used, ensure robust input validation and sanitization for all arguments passed to it, and consider running the skill with the minimum necessary privileges. | LLM | index.js:15 |
Scan History
Embed Code
[](https://skillshield.io/report/a5db1a709df19fa0)
Powered by SkillShield