Trust Assessment
birdnet received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 2 critical, 4 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Sensitive path access: AI agent config, Sensitive environment variable access: $HOME.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/rappo/birdnet/SKILL.md:11 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/rappo/birdnet/scripts/birdnet.sh:15 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/rappo/birdnet/SKILL.md:8 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/rappo/birdnet/scripts/birdnet.sh:5 | |
| HIGH | Command Injection via unsanitized user input in 'recent' command The 'recent' command directly interpolates the user-provided 'limit' argument into a 'curl' command without proper sanitization or shell escaping. An attacker can inject arbitrary shell commands by providing a malicious 'limit' value (e.g., '10; rm -rf /'). This could lead to arbitrary code execution on the host system. Sanitize the 'limit' variable to ensure it only contains numeric values, or use a method that prevents shell metacharacter interpretation. For example, validate it with a regex like '^[0-9]+$' or cast it to an integer if the shell supports it, before using it in the curl command. | LLM | scripts/birdnet.sh:22 | |
| HIGH | Command Injection via unsanitized user input in 'detection' command The 'detection' command directly interpolates the user-provided 'id' argument into a 'curl' command without proper sanitization or shell escaping. An attacker can inject arbitrary shell commands by providing a malicious 'id' value (e.g., '123; cat /etc/passwd'). This could lead to arbitrary code execution or data exfiltration on the host system. Sanitize the 'id' variable to ensure it only contains expected characters (e.g., alphanumeric, integers) or use a method that prevents shell metacharacter interpretation. For example, validate it with a regex like '^[0-9a-zA-Z]+$' before using it in the curl command. | LLM | scripts/birdnet.sh:58 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/rappo/birdnet/scripts/birdnet.sh:7 |
Scan History
Embed Code
[](https://skillshield.io/report/6472be5932f9e44a)
Powered by SkillShield