Trust Assessment
aip-identity received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 4 critical, 4 high, 2 medium, 0 low, and 1 informational. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), and Suspicious import: urllib.request. Note that the four critical and four high findings point at the same four `subprocess.run()` call sites (aip.py lines 40, 42, 46 and 74), flagged once by the Manifest layer and once by the Static layer, so there are four distinct shell-execution sites to review rather than eight.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution**: Python shell execution (os.system, subprocess). Review all shell execution calls; ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/the-nexus-guard/aip-identity/scripts/aip.py:40 |
| CRITICAL | **Arbitrary command execution**: Python shell execution (os.system, subprocess). Review all shell execution calls; ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/the-nexus-guard/aip-identity/scripts/aip.py:42 |
| CRITICAL | **Arbitrary command execution**: Python shell execution (os.system, subprocess). Review all shell execution calls; ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/the-nexus-guard/aip-identity/scripts/aip.py:46 |
| CRITICAL | **Arbitrary command execution**: Python shell execution (os.system, subprocess). Review all shell execution calls; ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/the-nexus-guard/aip-identity/scripts/aip.py:74 |
| HIGH | **Dangerous call: subprocess.run()** detected in function `generate_keypair`. This can execute arbitrary code. Avoid dangerous functions like exec/eval/os.system; use safer alternatives. | Static | skills/the-nexus-guard/aip-identity/scripts/aip.py:40 |
| HIGH | **Dangerous call: subprocess.run()** detected in function `sign_message`. This can execute arbitrary code. Avoid dangerous functions like exec/eval/os.system; use safer alternatives. | Static | skills/the-nexus-guard/aip-identity/scripts/aip.py:74 |
| HIGH | **Dangerous call: subprocess.run()** detected in function `generate_keypair`. This can execute arbitrary code. Avoid dangerous functions like exec/eval/os.system; use safer alternatives. | Static | skills/the-nexus-guard/aip-identity/scripts/aip.py:42 |
| HIGH | **Dangerous call: subprocess.run()** detected in function `generate_keypair`. This can execute arbitrary code. Avoid dangerous functions like exec/eval/os.system; use safer alternatives. | Static | skills/the-nexus-guard/aip-identity/scripts/aip.py:46 |
| MEDIUM | **Suspicious import: urllib.request**. This module provides network or low-level system access. Verify this import is necessary; network and system modules in skill code may indicate data exfiltration. | Static | skills/the-nexus-guard/aip-identity/scripts/aip.py:7 |
| MEDIUM | **Configurable API Endpoint Allows Data Redirection**. The `AIP_BASE` variable, which determines the endpoint for all API communications, is configurable via the `AIP_SERVICE_URL` environment variable. If an attacker can control this environment variable in the agent's execution environment, all sensitive data (including DIDs, public keys, signed content, and encrypted messages) intended for the legitimate AIP service could be redirected to an attacker-controlled server, leading to unauthorized data exfiltration. Validate or restrict the `AIP_SERVICE_URL` environment variable in the agent's execution environment, and warn users about the implications of pointing it at untrusted endpoints. For critical operations, consider hardcoding the endpoint or using a trusted configuration service. | LLM | scripts/aip.py:14 |
| INFO | **Private Key Stored Locally in Plaintext JSON**. The `aip_credentials.json` file, created and managed by this skill, stores the agent's `private_key` in plaintext JSON. While this is the intended design for local key management, it makes the file a critical target for any other compromised skill or process running in the same environment; unauthorized access would compromise the agent's identity and allow an attacker to impersonate the agent. Advise users to secure `aip_credentials.json` with appropriate filesystem permissions. For enhanced security in production, consider integrating with secure key storage (e.g., OS keychains, hardware security modules) or encrypting the file at rest with a passphrase. | LLM | scripts/aip.py:180 |
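The three remediations the table keeps returning to (static argv with absolute paths and no shell for the `subprocess.run()` sites, an allowlisted `AIP_SERVICE_URL`, and a `aip_credentials.json` that only its owner can read) are shown below as an added example written for this page; it is not code from `aip.py` or from the aip-identity project. The default endpoint `aip.example.invalid`, the allowlist, the `ssh-keygen` path used in the comments, and the credential contents are all assumptions made up for the example.

```python
"""Hardening patterns for the SkillShield findings on aip.py (added example, not the skill's code)."""
import json
import os
import stat
import subprocess
import tempfile
from urllib.parse import urlsplit

# Assumed values: the page does not show the real default of AIP_BASE.
DEFAULT_AIP_BASE = "https://aip.example.invalid"
ALLOWED_HOSTS = frozenset({"aip.example.invalid"})


def validate_service_url(url: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Accept AIP_SERVICE_URL only if it is https, has no userinfo and names an allowlisted host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"AIP_SERVICE_URL must use https, got {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in AIP_SERVICE_URL is not allowed (host@attacker trick)")
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise ValueError(f"host {host!r} is not an allowed AIP endpoint")
    if parts.query or parts.fragment:
        raise ValueError("query string or fragment is not allowed in a base URL")
    return f"https://{parts.netloc}{parts.path.rstrip('/')}"


def resolve_aip_base(environ=os.environ) -> str:
    """Replacement for reading AIP_SERVICE_URL straight into AIP_BASE: the override is validated."""
    return validate_service_url(environ.get("AIP_SERVICE_URL", DEFAULT_AIP_BASE))


SHELL_META = set(";&|<>`$(){}*?!\n")


def check_static_argv(argv):
    """Enforce the Manifest-layer advice: a list (never a string), absolute program path, no metacharacters."""
    if isinstance(argv, str) or not isinstance(argv, (list, tuple)) or not argv:
        raise ValueError("argv must be a non-empty list; never pass a command string")
    if not os.path.isabs(argv[0]):
        raise ValueError(f"program path must be absolute: {argv[0]!r}")
    for arg in argv:
        if not isinstance(arg, str) or SHELL_META & set(arg):
            raise ValueError(f"argument contains shell metacharacters: {arg!r}")
    return list(argv)


def run_static(argv, **kwargs):
    """Run a fixed tool (e.g. ['/usr/bin/ssh-keygen', '-t', 'ed25519']) with shell=False.
    shell=False is already the default; the metacharacter check above is defence in depth only."""
    return subprocess.run(check_static_argv(argv), shell=False, check=True,
                          capture_output=True, text=True, **kwargs)


def write_credentials(path: str, creds: dict) -> None:
    """Create aip_credentials.json owner-read/write only, refusing to clobber an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(creds, fh)


def load_credentials(path: str) -> dict:
    """Refuse to use a credentials file that group or other can read (POSIX mode bits)."""
    st = os.stat(path)
    if st.st_mode & 0o077:
        raise PermissionError(f"{path} has mode {stat.S_IMODE(st.st_mode):o}; expected 600")
    with open(path) as fh:
        return json.load(fh)


def raises(fn, *args) -> bool:
    """True if fn(*args) raises ValueError or PermissionError; used by the checks below."""
    try:
        fn(*args)
    except (ValueError, PermissionError):
        return True
    return False


def demo_credentials_roundtrip():
    """Write and read back constructed credentials, then show that a loosened mode is rejected."""
    creds = {"did": "did:example:agent-1", "private_key": "constructed-placeholder-not-a-real-key"}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "aip_credentials.json")
        write_credentials(path, creds)
        loaded = load_credentials(path)
        os.chmod(path, 0o644)  # simulate another process or a careless umask widening access
        rejected = raises(load_credentials, path)
    return loaded, rejected


if __name__ == "__main__":
    print(resolve_aip_base({}))
    print(resolve_aip_base({"AIP_SERVICE_URL": "https://aip.example.invalid:443/v1/"}))
    print(demo_credentials_roundtrip())
```

The mode check in `load_credentials` is meaningful on POSIX filesystems only; on Windows the advice in the INFO finding (OS keychain or an encrypted file) is the practical route. Hardcoding the endpoint, as the MEDIUM finding suggests, is the stronger option; the allowlist is the minimum that still lets a deployment point at a staging host.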
Full report: https://skillshield.io/report/6a474f331c210ad8
Powered by SkillShield