Trust Assessment
backup-to-telnyx-storage received a trust score of 21/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 2 critical, 3 high, 4 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Sensitive environment variable access: $HOME, Command Injection via user-controlled WORKSPACE path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 11/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/dotcom-squad/telnyx-storage-backup/SKILL.md:83 | |
| CRITICAL | Command Injection via user-controlled WORKSPACE path The `restore.sh` script uses the user-controlled `WORKSPACE` variable (third argument) directly in `mkdir -p "$WORKSPACE"` and `tar -xzf "$TEMP_ARCHIVE" -C "$WORKSPACE"` commands. If a malicious user provides a `WORKSPACE` value containing shell command substitution (e.g., `$(evil_command)`), the `evil_command` will be executed with the privileges of the script. This allows for arbitrary command execution, potentially leading to system compromise or data destruction. Sanitize the `WORKSPACE` variable to remove or escape shell metacharacters before use, or strictly validate it against an allowed pattern. Alternatively, resolve the path to an absolute, canonical path and ensure it resides within an expected safe directory. Avoid direct shell expansion of user-controlled input. | LLM | restore.sh:59 | |
| HIGH | Command Injection via user-controlled BUCKET name The `backup.sh` script uses the user-controlled `BUCKET` variable (first argument) directly in multiple `telnyx` CLI commands, such as `telnyx storage bucket create "$BUCKET"` and `telnyx storage object put "$BUCKET" ...`. If a malicious user provides a `BUCKET` value containing shell command substitution (e.g., `$(evil_command)`), the `evil_command` will be executed with the privileges of the script. This allows for arbitrary command execution. Sanitize the `BUCKET` variable to remove or escape shell metacharacters before use, or strictly validate it against S3 bucket naming conventions. Avoid direct shell expansion of user-controlled input. | LLM | backup.sh:64 | |
| HIGH | Command Injection via user-controlled BUCKET name The `list.sh` script uses the user-controlled `BUCKET` variable (first argument) directly in the `telnyx storage object list "$BUCKET"` command. If a malicious user provides a `BUCKET` value containing shell command substitution (e.g., `$(evil_command)`), the `evil_command` will be executed with the privileges of the script. This allows for arbitrary command execution. Sanitize the `BUCKET` variable to remove or escape shell metacharacters before use, or strictly validate it against S3 bucket naming conventions. Avoid direct shell expansion of user-controlled input. | LLM | list.sh:20 | |
| HIGH | Command Injection via user-controlled BUCKET name The `restore.sh` script uses the user-controlled `BUCKET` variable (second argument) directly in `telnyx storage object list "$BUCKET"` and `telnyx storage object get "$BUCKET" ...` commands. If a malicious user provides a `BUCKET` value containing shell command substitution (e.g., `$(evil_command)`), the `evil_command` will be executed with the privileges of the script. This allows for arbitrary command execution. Sanitize the `BUCKET` variable to remove or escape shell metacharacters before use, or strictly validate it against S3 bucket naming conventions. Avoid direct shell expansion of user-controlled input. | LLM | restore.sh:34 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dotcom-squad/telnyx-storage-backup/backup.sh:18 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dotcom-squad/telnyx-storage-backup/restore.sh:16 | |
| MEDIUM | Unpinned Python dependency The `backup.py` script relies on the `boto3` library, but the installation instructions (`pip install boto3`) do not specify a version. This can lead to supply chain risks, where a new version of the dependency might introduce breaking changes, vulnerabilities, or unexpected behavior. It also makes builds non-deterministic. Pin the dependency to a specific version (e.g., `boto3==1.26.0`) in a `requirements.txt` file or directly in the installation command to ensure deterministic and secure builds. | LLM | backup.py:19 | |
| MEDIUM | Unpinned Node.js CLI dependency The shell scripts (`backup.sh`, `list.sh`, `restore.sh`) rely on the `@telnyx/api-cli` Node.js package, but the installation instructions (`npm install -g @telnyx/api-cli`) do not specify a version. This can lead to supply chain risks, where a new version of the CLI might introduce breaking changes, vulnerabilities, or unexpected behavior. It also makes builds non-deterministic. Pin the dependency to a specific version (e.g., `npm install -g @telnyx/api-cli@1.2.3`) in the installation command to ensure deterministic and secure builds. | LLM | SKILL.md:12 |
Scan History
Embed Code
[](https://skillshield.io/report/ef864896a517b82d)
Powered by SkillShield