Trust Assessment
beeper received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via CLI arguments, Arbitrary File Read/Write via `beeper assets` commands, Unpinned Dependency in Installation Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via CLI arguments The skill documentation demonstrates numerous `beeper` CLI commands that accept user-provided strings for arguments such as `--query`, chat IDs, message content, and file paths. If the LLM directly interpolates untrusted user input into these command arguments without proper shell escaping or sanitization, it could lead to arbitrary command execution on the host system. For example, a malicious user could inject shell metacharacters into a chat ID or message content, leading to unintended commands being executed. Implement robust shell escaping for all user-provided inputs before constructing and executing `beeper` commands. Use a safe command execution mechanism that prevents shell metacharacter interpretation (e.g., passing arguments as a list to `subprocess.run` in Python, or similar in other languages). | LLM | SKILL.md:52 | |
| HIGH | Arbitrary File Read/Write via `beeper assets` commands The `beeper assets upload` and `beeper assets download` commands allow the skill to read and write arbitrary files on the host filesystem. A malicious user could instruct the LLM to upload sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) or overwrite critical system files, leading to data exfiltration or system compromise. This grants excessive filesystem permissions to the skill if not carefully managed by the LLM. Restrict the paths that can be accessed by `beeper assets upload` and `beeper assets download` to a predefined, sandboxed directory. Implement strict validation and sanitization of file paths provided by users. Consider using a dedicated file upload/download mechanism with stricter access controls if possible, rather than direct filesystem access. | LLM | SKILL.md:90 | |
| MEDIUM | Unpinned Dependency in Installation Instructions The installation instructions recommend `go install github.com/foeken/beeper-cli@latest`. Using `@latest` means the `beeper-cli` version is unpinned. This introduces a supply chain risk as future versions could contain vulnerabilities or breaking changes without explicit review, potentially impacting the skill's security or functionality. Recommend pinning the `beeper-cli` version (e.g., `go install github.com/foeken/beeper-cli@vX.Y.Z`) to ensure reproducible and secure installations. Regularly review and update the pinned version. | LLM | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/cf73e69520601bd3)
Powered by SkillShield