Trust Assessment
archon-nostr received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Remote code execution: curl/wget pipe to shell, Sensitive Mnemonic Interpolated into Script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/macterra/archon-nostr/SKILL.md:10 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/macterra/archon-nostr/SKILL.md:10 | |
| CRITICAL | Sensitive Mnemonic Interpolated into Script The `MNEMONIC` variable, which contains a highly sensitive cryptographic seed phrase derived from `ARCHON_PASSPHRASE`, is directly interpolated into a JavaScript string literal within a `node` command. This poses two major risks:
1. **Command Injection**: Malicious characters within the mnemonic could break out of the string literal and execute arbitrary JavaScript code within the Node.js process.
2. **Data Exfiltration**: The mnemonic becomes visible in process arguments, which can be exposed to other users on a multi-user system via `ps aux` or stored in shell history/logs, leading to credential harvesting. Avoid direct string interpolation of sensitive data. Pass the mnemonic securely to the Node.js script, for example, via standard input, a secure environment variable (if the environment is trusted), or a temporary file with restricted permissions. The Node.js script should then read it securely. | LLM | scripts/derive-nostr.sh:29 | |
| HIGH | Unpinned npm Dependencies The `npm install` command in `scripts/derive-nostr.sh` installs cryptographic libraries (`bip39`, `@scure/bip32`, `secp256k1`, `bech32`) without specifying exact versions. This introduces a supply chain risk, as a future `npm install` could fetch a compromised or vulnerable version of these packages if their maintainers were to be compromised or if a malicious package was published under the same name. Pin all npm dependencies to specific versions (e.g., `bip39@3.0.0`) or use a `package.json` and `package-lock.json` file to ensure deterministic and secure dependency resolution. | LLM | scripts/derive-nostr.sh:20 |
Scan History
Embed Code
[](https://skillshield.io/report/503e2395e290b486)
Powered by SkillShield