Trust Assessment
autobahn received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Sensitive environment variable access: $HOME, Command injection via unsanitized environment variables in install script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command injection via unsanitized environment variables in install script The `scripts/install.sh` script uses environment variables `AUTOBAHN_VERSION` and `AUTOBAHN_INSTALL_DIR` to construct paths and filenames. Although these variables are double-quoted, command substitution (`$(...)`) is still evaluated within double quotes in bash. An attacker who can control these environment variables (e.g., by setting them before running the script) can inject arbitrary commands, leading to remote code execution on the system executing the script. For example, setting `AUTOBAHN_INSTALL_DIR='$(rm -rf /)'` would execute `rm -rf /` when `mkdir -p "$INSTALL_DIR"` is called. Sanitize environment variables before use by validating their content against expected patterns (e.g., valid path characters) or by strictly filtering out shell metacharacters and command substitutions. Alternatively, use a more robust installation method that does not rely on direct shell variable expansion for untrusted input. | LLM | scripts/install.sh:5 | |
| HIGH | No integrity verification for downloaded binary in install script The `scripts/install.sh` script downloads the `autobahn` CLI binary from a GitHub release URL (`https://github.com/${REPO}/releases/download/${VERSION}/${ASSET}`). It does not perform any integrity verification (e.g., SHA256 checksum, GPG signature) on the downloaded file. This makes the installation vulnerable to supply chain attacks, where a compromised GitHub repository or tampered release assets could lead to the installation and execution of a malicious binary on the user's system without detection. Implement cryptographic integrity verification for downloaded binaries. This typically involves downloading a separate checksum file (e.g., SHA256SUMS) or a GPG signature file, and verifying the downloaded binary against it before making it executable or running it. | LLM | scripts/install.sh:30 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/unifiedh/autobahn/SKILL.md:1 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/unifiedh/autobahn/scripts/install.sh:5 |
Scan History
Embed Code
[](https://skillshield.io/report/90aea360dae151dc)
Powered by SkillShield