Trust Assessment
auto-animate received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Command Injection via Package Manager Execution, Excessive Filesystem Permissions, Unpinned Dependency Version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection via Package Manager Execution The `init-auto-animate.sh` script directly executes external package manager commands (`pnpm add`, `yarn add`, `npm install`). While the package name is hardcoded, this demonstrates a direct capability for command injection. If the skill's content were to be tampered with, or if the package name were dynamically sourced, this could lead to arbitrary code execution on the host system. This is a significant security risk as it allows the skill to run external programs. Avoid direct execution of shell commands within skill scripts. If package installation is necessary, consider using a sandboxed environment or a more controlled mechanism provided by the agent's runtime. If direct execution is unavoidable, ensure all arguments are strictly validated and sanitized, and consider pinning dependency versions. | LLM | scripts/init-auto-animate.sh:26 | |
| MEDIUM | Excessive Filesystem Permissions The `init-auto-animate.sh` script performs several filesystem operations including creating directories (`mkdir -p`), writing files (`cat >`), and copying files (`cp`). This indicates broad filesystem access, which could be abused if the script were malicious or compromised. While the current operations are benign, the capability to modify arbitrary files and directories poses a risk. Limit filesystem operations to the absolute minimum required. If possible, use agent-provided APIs for file management that enforce stricter permissions or operate within a confined sandbox. Avoid creating or modifying files outside of designated skill-specific directories. | LLM | scripts/init-auto-animate.sh:48 | |
| MEDIUM | Unpinned Dependency Version The skill's documentation and implicit installation process rely on `@formkit/auto-animate` with a caret (`^`) version range (`^0.9.0`). This means that any future `0.9.x` version could be installed automatically. If a malicious update is published within this range, it could introduce vulnerabilities or backdoors without explicit user consent or review, posing a supply chain risk. Pin all dependencies to exact versions (e.g., `0.9.0` instead of `^0.9.0` or `~0.9.0`). This ensures that the exact same version is always installed, preventing unexpected changes or malicious updates from being automatically pulled into the project. Regularly audit and manually update dependencies after verifying their integrity. | LLM | SKILL.md:204 |
Scan History
Embed Code
[](https://skillshield.io/report/002b2ad7a67c0be6)
Powered by SkillShield