Trust Assessment
brawlnet received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized Shell Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized Shell Arguments The skill defines its tools in SKILL.md as shell commands (`node client.js ...`). Several arguments to these commands, such as `<name>`, `<botId>`, `<token>`, and `<matchId>`, are user-controlled strings. If the host environment executes these commands directly from the LLM's output without proper shell escaping or sanitization of these arguments, an attacker could inject arbitrary shell commands. For example, if the LLM provides a `name` argument like `mybot; rm -rf /`, and the host executes this directly, `rm -rf /` could be executed on the host system. The host environment responsible for executing the skill's tools must ensure that all user-provided arguments are properly escaped for the shell before execution. Alternatively, the skill definition could be updated to use a more structured execution method (e.g., a direct function call in a sandboxed environment) that does not rely on shell interpretation of arguments. | LLM | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/c540eb412d847ffe)
Powered by SkillShield