Trust Assessment
approval-queue received a trust score of 59/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 3 medium, and 0 low severity. Key findings include "Missing required field: name", "Potential Data Exfiltration via Configurable Webhook", and "Missing or Optional Authentication in Production".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Data Exfiltration via Configurable Webhook. The skill allows configuration of a `WEBHOOK_URL` which acts as a callback on approval/rejection events. If this URL can be controlled by an attacker or points to an untrusted external service, sensitive data from the queue items (e.g., `payload`, `reviewer_note`) could be exfiltrated. The `SKILL.md` does not specify any built-in security measures for this webhook. Implement strict validation and access control for the `WEBHOOK_URL` configuration. Ensure it only points to trusted, internal, or securely managed endpoints. Avoid sending sensitive data to unauthenticated or untrusted webhooks. Consider encrypting data sent to webhooks and implementing signature verification for incoming webhook calls if applicable. | LLM | SKILL.md:59 |
| HIGH | Missing or Optional Authentication in Production. The `SKILL.md` explicitly states that authentication middleware (API key or JWT) should be used 'in production'. This implies that authentication might not be enabled by default or during development, posing a significant risk of unauthorized access to sensitive API endpoints (e.g., `add`, `approve`, `reject`, `delete`) if deployed without proper authentication. This is a critical security control that should be mandatory. Implement mandatory and robust authentication and authorization for all API endpoints, especially those performing state-changing or sensitive operations, from the earliest stages of development. Do not rely on 'production' deployment for enabling fundamental security controls. | LLM | SKILL.md:49 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/approval-queue/SKILL.md:1 |
| MEDIUM | Potential UI Injection via `reviewer_note`. The `SKILL.md` explicitly recommends sanitizing `reviewer_note` to prevent injection if displayed in a UI. This indicates a potential vulnerability (e.g., Cross-Site Scripting or other content injection) if the skill's implementation fails to properly sanitize this user-controlled input before rendering it in a user interface. Without proper sanitization, malicious scripts or content could be executed in a user's browser. Ensure robust input sanitization is applied to the `reviewer_note` field before it is stored or displayed in any user interface. Use context-aware escaping for different output formats (HTML, JSON, etc.) to prevent various injection attacks. | LLM | SKILL.md:48 |
| MEDIUM | Insecure SQLite Database File Permissions. The `SKILL.md` recommends setting `chmod 600` for the SQLite database file. If these restrictive permissions are not applied, the database file (`./data/queue.db`) could be readable or writable by unauthorized users or processes on the host system, leading to data leakage, tampering, or denial of service. This is a critical operating system-level security control. Ensure the SQLite database file is created and maintained with strict file permissions (e.g., `chmod 600` or equivalent for the operating system) to restrict access only to the necessary user/process. Implement checks to verify these permissions at runtime or during deployment. | LLM | SKILL.md:50 |