Trust Assessment
atxp received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection via CLI tool arguments, Arbitrary command execution via `source ~/.atxp/config`, Exposure of `ATXP_CONNECTION` via environment variable and `echo`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Command Injection via CLI tool arguments: The skill invokes `npx atxp` commands with user-provided arguments (`<query>` or `<prompt>`). If these arguments are not properly sanitized or escaped before being passed to the shell, an attacker can inject arbitrary shell commands (e.g., `npx atxp search 'foo; rm -rf /'`). This is a direct and critical command injection vulnerability, because the skill's functionality relies on executing external commands with potentially untrusted input. Ensure all user-provided arguments passed to `npx atxp` commands are rigorously sanitized and escaped to prevent shell metacharacter interpretation. Prefer a safe command execution mechanism that passes arguments as an array (e.g., `subprocess.run(..., shell=False)` in Python) rather than a single string, so that no shell interprets them. | LLM | SKILL.md:22 |
| HIGH | Arbitrary command execution via `source ~/.atxp/config`: The skill instructs the user to run `source ~/.atxp/config`. If an attacker can write to or modify this file (e.g., through a vulnerability in `npx atxp login`, a prior command injection, or insecure file permissions), they can inject arbitrary shell commands that will be executed with the skill's privileges when the `source` command runs. This creates a persistent and powerful command injection vector. Avoid sourcing configuration files that may be user-modifiable or created by external, potentially untrusted processes. If configuration must be loaded, use a secure parsing method (e.g., a JSON or YAML parser) that does not execute arbitrary shell script. Ensure `npx atxp login` creates this file securely with minimal permissions and that its content is validated. | LLM | SKILL.md:16 |
| MEDIUM | Exposure of `ATXP_CONNECTION` via environment variable and `echo`: The skill relies on the `ATXP_CONNECTION` environment variable for authentication and explicitly demonstrates its presence using `echo $ATXP_CONNECTION`. While environment variables are a common way to pass secrets, if the skill's execution environment is not sufficiently isolated, or if other vulnerabilities (e.g., prompt injection) allow an attacker to read environment variables, this sensitive credential could be exfiltrated. The explicit `echo` command increases the risk of accidental logging or disclosure. Ensure that the `ATXP_CONNECTION` environment variable is accessible only to the processes that need it and is not inadvertently logged or exposed. Avoid echoing sensitive environment variables in documentation or scripts. Implement strict access controls for the skill's execution environment. Consider using a secrets management system that provides secrets on demand rather than persistent environment variables. | LLM | SKILL.md:13 |
| MEDIUM | Reliance on external `npx` command and potential for malicious package: The skill relies on `npx atxp login` and other `npx atxp` commands. `npx` executes packages fetched from the npm registry. If the `atxp` package itself is compromised (e.g., malicious code injected into a legitimate package, or a typosquatting attack), or if `npx atxp login` has vulnerabilities, the result could be arbitrary code execution. The subsequent `source ~/.atxp/config` further amplifies this risk by executing potentially malicious content from a file created by the external tool. Implement strict controls over external dependencies. Pin exact versions of the `atxp` package where possible. Regularly audit the `atxp` package for known vulnerabilities and verify its integrity. Consider sandboxing the execution environment for `npx` commands to limit the damage a compromised dependency could cause. | LLM | SKILL.md:15 |
Powered by SkillShield