Trust Assessment
aws-ecs-monitor received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Remote code execution: curl/wget pipe to shell, Command Injection via Unescaped Python String Interpolation, Arbitrary Network Requests via User-Controlled URLs.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/briancolinger/aws-ecs-monitor/scripts/ecs-health.sh:61 | |
| CRITICAL | Command Injection via Unescaped Python String Interpolation The `python3 -c` command in `scripts/cloudwatch-logs.sh` directly interpolates shell variables `$svc` and `$lg` into the Python code string without proper escaping. If an attacker can control the `ECS_SERVICES` or `ECS_LOG_PATTERN` environment variables, they can inject arbitrary Python code. For example, setting `ECS_SERVICES` to `my-service', 'injected': __import__('os').system('id') or 'dummy'` would result in the execution of the `id` command during JSON serialization. Ensure all shell variables interpolated into `python3 -c` strings are properly escaped. A robust solution is to pass data via standard input (JSON) or environment variables to the Python script, rather than direct string interpolation. If direct interpolation is unavoidable, use `printf %q` for shell escaping or Python's `json.dumps()` on the individual variable values before constructing the final Python string. | LLM | scripts/cloudwatch-logs.sh:89 | |
| HIGH | Arbitrary Network Requests via User-Controlled URLs The `curl` commands in `scripts/ecs-health.sh` make HTTP requests to URLs specified by the `ECS_DOMAIN` and `ECS_HTTP_ENDPOINTS` environment variables. If an attacker can control these environment variables, they can direct the skill to make arbitrary network requests to external or internal hosts. This could be used to exfiltrate the IP address of the skill's execution environment, probe internal networks for accessible services (SSRF), or perform other malicious network activities. While the skill's purpose is monitoring, allowing unvalidated, arbitrary URLs from potentially untrusted configuration sources poses a significant risk. Implement strict validation for `ECS_DOMAIN` and `ECS_HTTP_ENDPOINTS` to ensure they point only to expected and safe domains/IPs. Consider using a whitelist of allowed endpoints or performing DNS/IP validation before executing `curl`. If the skill is intended to monitor arbitrary domains, clearly document the network access implications and ensure the execution environment is isolated. | LLM | scripts/ecs-health.sh:100 |
Scan History
Embed Code
[](https://skillshield.io/report/64c4df3aa34bdd58)
Powered by SkillShield