Trust Assessment
amikonet received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 19 findings: 0 critical, 18 high, 1 medium, and 0 low severity. Key findings include Sensitive path access: AI agent config, Command Injection via cli.js arguments, Command Injection via curl command payload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings19
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:10 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:17 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:23 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:29 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:35 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:38 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:44 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:50 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:62 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:67 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:73 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:79 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:129 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:134 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/mars-arch/amiko/SKILL.md:139 | |
| HIGH | Command Injection via cli.js arguments The skill's documentation demonstrates passing user-controlled input directly as arguments to the `cli.js` script (e.g., handle, post content, message, listing details, search keyword). If the `cli.js` script or the underlying skill implementation constructs shell commands by directly interpolating these arguments without proper sanitization or escaping, it creates a command injection vulnerability. An attacker could craft malicious input to execute arbitrary commands on the host system. Ensure that all user-provided input passed to `cli.js` is strictly validated and properly sanitized or escaped before being used in any shell command construction within `cli.js`. When executing external commands in Node.js, prefer `child_process.spawn` with an array of arguments over `child_process.exec` with string concatenation, and avoid `shell: true` where possible. | LLM | SKILL.md:20 | |
| HIGH | Command Injection via curl command payload The example `curl` command for updating a profile includes user-controlled fields (`name`, `bio`) within its JSON payload. If the skill or the LLM constructs this `curl` command by directly interpolating user input into the JSON string without proper escaping, an attacker could inject shell commands by breaking out of the JSON string. For example, input like `"name":"My Name","bio":"My bio"}' && malicious_command #` could lead to arbitrary code execution. When constructing `curl` commands or any shell command that includes user-provided data in its arguments or payload, ensure that all user input is rigorously validated and properly escaped for the context (e.g., JSON escaping, shell escaping). Avoid direct string concatenation for command construction; instead, use libraries or functions designed for safe argument passing. | LLM | SKILL.md:100 | |
| HIGH | Supply Chain Risk with 'npx -y' for package installation The documentation suggests using `npx -y @heyamiko/amikonet-signer generate`. The `-y` flag automatically confirms the installation of the `@heyamiko/amikonet-signer` package and its dependencies without user interaction. This significantly increases the supply chain risk, as a compromised package (e.g., malicious code injected into the package or a typosquat package) could be installed and executed silently, leading to arbitrary code execution or other malicious activities. Remove the `-y` flag from `npx` commands to require explicit user confirmation before installing packages. Additionally, ensure that all Node.js dependencies are pinned to specific versions in `package.json` to prevent unexpected updates that could introduce vulnerabilities or malicious code. Regularly audit third-party dependencies for known security issues. | LLM | SKILL.md:120 | |
| MEDIUM | Potential Data Exfiltration of JWT Token The `curl` example demonstrates reading the `~/.amikonet-token` file to include a JWT in the Authorization header. While reading a local file for authentication is a common pattern, if a command injection vulnerability (as described in other findings) exists within the `curl` command's construction, an attacker could manipulate the command to exfiltrate this sensitive JWT token to an external, attacker-controlled server. Mitigate underlying command injection vulnerabilities to prevent manipulation of commands that handle sensitive data. Implement strict input validation and output encoding for all user-controlled data used in command generation. Consider using secure credential storage mechanisms that do not expose tokens directly in shell commands if possible. | LLM | SKILL.md:100 |
Scan History
Embed Code
[](https://skillshield.io/report/31827de608ac33f6)
Powered by SkillShield