Trust Assessment
bookmark-intelligence received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 22 findings: 15 critical, 2 high, 4 medium, and 1 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Missing required field: name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (22)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/analyzer.js:37 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/analyzer.js:124 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/analyzer.js:132 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/monitor.js:76 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/monitor.js:112 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/monitor.js:115 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/scripts/license.js:65 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/scripts/license.js:72 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/scripts/license.js:80 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/scripts/license.js:86 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/scripts/setup.js:56 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/scripts/setup.js:184 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/scripts/uninstall.js:43 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bkrigmo1/bookmark-intelligence/scripts/uninstall.js:85 |
| CRITICAL | Prompt Injection via Untrusted Content in LLM Prompt: The `buildAnalysisPrompt` function directly embeds untrusted user-controlled data (`bookmark.text` and `urlContents`) into the prompt sent to the LLM. `urlContents` is fetched from arbitrary URLs found in the bookmark, so its content is also untrusted. A malicious actor could craft the bookmark text or the content of linked articles to include instructions that manipulate the LLM's behavior, potentially leading to data exfiltration, unauthorized actions, or denial of service. Implement robust sanitization or escaping of all untrusted input before embedding it into the LLM prompt. Consider using a dedicated LLM SDK that provides built-in prompt templating and input safety features. Explicitly instruct the LLM to ignore conflicting instructions within the user-provided content. | LLM | analyzer.js:50 |
| HIGH | Command Injection via Untrusted URL in curl Command: The `fetchUrlContent` function constructs a shell command using `curl` and directly embeds a user-controlled URL (`url`) into it. Although the URL is double-quoted, a sophisticated attacker could craft a malicious URL containing shell metacharacters (e.g., `$(evil_command)`, `'; evil_command #'`) to execute arbitrary commands on the host system. The `url` originates from `bookmark.text`, which is untrusted. Avoid using `execSync` with user-controlled input. Instead, use a dedicated HTTP client library (e.g., `node-fetch`, `axios`) that handles URL parsing and network requests securely without invoking a shell. If `curl` must be used, ensure the URL is rigorously validated and shell-escaped before inclusion in the command string. | LLM | analyzer.js:30 |
| HIGH | Command Injection via Untrusted Credentials in bird CLI Call: The `testCredentials` function in `scripts/setup.js` constructs a shell command to test Twitter credentials using `bird whoami`. It embeds user-provided `authToken` and `ct0` directly into the command string as environment variables (`AUTH_TOKEN="${authToken}" CT0="${ct0}"`). While passing them as environment variables inside double quotes offers some protection, a malicious user could craft `authToken` or `ct0` values containing shell metacharacters (e.g., `"; evil_command #"`) to break out of the quotes and execute arbitrary commands on the host system. Validate user input for `authToken` and `ct0` to ensure they contain only expected characters (e.g., alphanumeric, base64-like strings). Avoid embedding user input directly into shell commands. If the `bird` CLI must be used, check whether it offers a safer API for passing credentials, or ensure robust shell escaping of the environment variable values. | LLM | scripts/setup.js:200 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/bkrigmo1/bookmark-intelligence/monitor.js:91 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/bkrigmo1/bookmark-intelligence/scripts/admin.js:131 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from the frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/bkrigmo1/bookmark-intelligence/SKILL.md:1 |
| MEDIUM | Unpinned Global Dependencies (bird, pm2): The skill's documentation (`SKILL.md`) and setup script (`scripts/setup.js`) instruct users to globally install `bird` and `pm2` using `npm install -g`. These dependencies are not listed in `package.json` and are therefore unpinned, meaning their versions are not fixed. This makes the skill vulnerable to supply chain attacks in which a malicious update to `bird` or `pm2` (or a typosquatted package) could compromise the user's system without the skill's `package.json` reflecting the change or providing integrity checks. Manage all external dependencies, including CLI tools, through `package.json` using exact version pinning; this allows reproducible builds and integrity checks. If global installation is necessary, provide clear instructions for verifying the authenticity and integrity of the installed packages (e.g., checksums, official sources). | LLM | SKILL.md:160 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/bkrigmo1/bookmark-intelligence/package.json |
Full report: https://skillshield.io/report/6cbfeae36b341219 (powered by SkillShield)