Trust Assessment
api-mock-server received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Missing required field: name", "Potential Command Injection via Unsanitized User Input in Shell Commands", and "Arbitrary File Read Capability via User-Provided Spec File Path".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Command Injection via Unsanitized User Input in Shell Commands. The skill describes executing shell commands (`npx @stoplight/prism-cli mock <spec-file>`, `npx json-server --watch db.json`, `curl`, `lsof`). If user-provided input for `<spec-file>`, `db.json`, or `PORT` is directly interpolated into these commands without proper sanitization or validation, it could allow an attacker to inject arbitrary shell commands. For example, a malicious `<spec-file>` path could contain shell metacharacters, leading to remote code execution. Implement robust input validation and sanitization for all user-provided arguments used in shell commands. Prefer using safe subprocess execution methods that avoid shell interpretation (e.g., `subprocess.run` with `shell=False` in Python, or passing arguments as a list). Ensure `PORT` is validated as an integer. | LLM | SKILL.md:17 |
| HIGH | Arbitrary File Read Capability via User-Provided Spec File Path. The skill explicitly states it will "Accept from user: File path (JSON/YAML)" and uses this path in commands like `npx @stoplight/prism-cli mock <spec-file>`. If the user-provided file path is not restricted to a safe directory or validated, an attacker could specify paths to sensitive system files (e.g., `/etc/passwd`, `/app/secrets.env`) to read their contents, leading to data exfiltration. Restrict file path inputs to a predefined, safe directory (e.g., a temporary upload directory). Validate file extensions and content. Implement strict path sanitization to prevent directory traversal attacks (e.g., `../`). | LLM | SKILL.md:10 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/api-mock-server/SKILL.md:1 |
| MEDIUM | Unpinned Dependencies in `npx` Commands. The skill instructs the use of `npx @stoplight/prism-cli` and `npx json-server` without specifying a version (e.g., `@stoplight/prism-cli@x.y.z`). `npx` will default to downloading and executing the latest available version of these packages. This introduces a supply chain risk, as a compromise of the package maintainer or registry could lead to a malicious version being downloaded and executed without explicit consent or review. Pin dependency versions in `npx` commands (e.g., `npx @stoplight/prism-cli@4.10.0`). Regularly review and update pinned versions to incorporate security fixes. Consider using a package manager's lock file for deterministic builds. | LLM | SKILL.md:17 |