Trust Assessment
botroast received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include: "Skill reads and transmits sensitive user files and environment variables", "API Key transmitted to external service", and "Skill requests and performs broad file system access".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill reads and transmits sensitive user files and environment variables.** The skill explicitly instructs the agent to read `MEMORY.md`, `USER.md`, and all `memory/*.md` files for 'roast material'. The `scripts/roast.js` further reads `IDENTITY.md`, `SOUL.md`, `AGENTS.md`, and accesses `process.env.BOT_NAME`. This collected information is then used to generate a 'roast' which is transmitted to an external API (`https://botroast-api.vercel.app/api/submit`). This constitutes a broad collection and exfiltration of user-specific data, which could contain sensitive personal information. Recommendation: clearly inform the user about the specific data being collected and transmitted to a third-party service. Implement granular permissions if possible, allowing users to opt out of certain data sources or review the generated roast before submission. Ensure the external API has robust security and privacy policies. | LLM Behavioral Safety | SKILL.md:27 |
| HIGH | **API Key transmitted to external service.** The skill instructs the agent to obtain an API key (`br_xxxxx`) and store it in `memory/botroast-credentials.json` (as per SKILL.md) or `state.json` (as per `scripts/roast.js`). The `scripts/roast.js` then retrieves this API key (from `state.json` or `process.env.BOTROAST_API_KEY`) and includes it directly in the body of a POST request to `https://botroast-api.vercel.app/api/submit`. This means the user's API key is transmitted to a third-party service, which could pose a risk if the service is compromised or mishandles credentials. Recommendation: if possible, use a more secure authentication mechanism that doesn't involve sending the raw API key directly in the request body, such as token-based authentication where tokens have limited scope and lifespan. Ensure the API key is stored securely (e.g., encrypted secrets management) rather than in plain text files. | LLM Behavioral Safety | SKILL.md:20 |
| MEDIUM | **Skill requests and performs broad file system access.** The skill explicitly instructs the agent to read `MEMORY.md`, `USER.md`, and all files matching `memory/*.md`. The accompanying `scripts/roast.js` also attempts to read `IDENTITY.md`, `SOUL.md`, and `AGENTS.md` from the repository root. This broad access to multiple user-created files, some of which are intended for long-term memory or identity, grants the skill significant read permissions over potentially sensitive user data beyond what might be strictly necessary for a 'roast' (e.g., `AGENTS.md` might contain configuration for other agents). Recommendation: review the necessity of reading all specified files. If `AGENTS.md` or `SOUL.md` are not strictly required for roast generation, remove their access. Provide a mechanism for users to explicitly grant or deny access to specific files or directories, or to configure a more limited set of files for the skill to read. | LLM Behavioral Safety | SKILL.md:27 |