Trust Assessment
aluvia-web-unblock received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Server-Side Request Forgery (SSRF) via unvalidated direct URL input, Server-Side Request Forgery (SSRF) via unvalidated URLs from search results.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Server-Side Request Forgery (SSRF) via unvalidated direct URL input The skill's `content.js` script directly fetches a URL provided as a command-line argument (`process.argv[2]`). This allows an attacker (via prompt injection to the LLM or direct manipulation of the skill's input) to make the skill perform requests to arbitrary internal or external network resources. This could lead to data exfiltration from internal systems, port scanning, or interaction with internal services that are not intended to be publicly accessible. While the skill's purpose is web fetching, the lack of URL validation against private IP ranges or disallowed domains creates a significant risk. Implement robust URL validation and sanitization. Restrict fetched URLs to allowed domains or IP ranges. Specifically, block requests to private IP addresses (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.1) and internal hostnames. The agent orchestrator should also enforce strict input validation for URLs passed to this skill. | LLM | content.js:28 | |
| HIGH | Server-Side Request Forgery (SSRF) via unvalidated URLs from search results The `search.js` script can fetch content from URLs found in Brave search results if the `--content` flag is used. While Brave Search is a reputable source, an attacker could potentially craft a search query that leads to a malicious URL in the search results (e.g., by SEO poisoning or controlling a domain that appears in results), which the skill would then fetch. This creates a secondary vector for Server-Side Request Forgery (SSRF), allowing the skill to make requests to arbitrary internal or external network resources, potentially leading to data exfiltration, port scanning, or interaction with internal services. Implement robust URL validation and sanitization for URLs extracted from search results. Restrict fetched URLs to allowed domains or IP ranges. Specifically, block requests to private IP addresses (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.1) and internal hostnames. The agent orchestrator should also enforce strict input validation for search queries and consider limiting the `--content` functionality if not strictly necessary. | LLM | search.js:118 | |
| MEDIUM | Unpinned npm dependency version Dependency '@aluvia/sdk' is not pinned to an exact version ('^1.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/bertxtrella/aluvia-web-unblock/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/22e91ec01dc95d98)
Powered by SkillShield