Trust Assessment
bitwarden received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via `rbw` arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via `rbw` arguments. The skill documentation explicitly states that 'The agent uses `exec` to run `rbw` commands.' Examples such as `rbw get "Name"` and `rbw search "query"` indicate that user-controlled strings are intended to be passed as arguments to these commands. If these arguments are not properly sanitized or escaped before being passed to the underlying shell execution mechanism (e.g., `subprocess.run(..., shell=True)` or direct string interpolation into a shell command), an attacker could inject arbitrary shell commands, potentially leading to full system compromise. Ensure all user-provided arguments passed to `rbw` commands are rigorously sanitized and escaped. It is highly recommended to avoid `shell=True` in `subprocess` calls and instead pass arguments as a list of strings (e.g., `subprocess.run(['rbw', 'get', item_name], check=True)`). If `shell=True` is unavoidable, use a robust escaping function for all user-controlled input to prevent command injection. | LLM | SKILL.md:30 |