Trust Assessment
buy-anything received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 3 high, 0 medium, and 1 low severity. Key findings include a hardcoded Stripe publishable key, an instruction to store raw payment card details (PAN, expiry, CVC) in LLM memory, and potential command injection via dynamic `curl` command construction with unvalidated user input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Instruction to store raw payment card details (PAN, Expiry, CVC) in LLM memory.** The skill explicitly instructs the LLM to 'Save full card details (number, expiry, CVC) to memory for future purchases'. Storing raw CVC/CVV data is a direct violation of PCI DSS requirements and poses an extreme risk of financial fraud if the LLM's memory is compromised. Storing full card numbers and expiry dates, even if encrypted, is highly sensitive and generally not suitable for LLM memory due to the lack of robust security controls inherent in LLM memory. This constitutes both credential harvesting and data exfiltration. Never store raw payment card details (PAN, expiry, CVC) in LLM memory. Only store tokenized representations (e.g., Stripe tokens) if absolutely necessary, and only with explicit user consent and understanding of the risks. The CVC should never be stored. | LLM | SKILL.md:100 |
| HIGH | **Hardcoded Stripe Publishable Key detected.** A hardcoded Stripe Publishable Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/tsyvic/buy-anything/SKILL.md:38 |
| HIGH | **Hardcoded Stripe Publishable Key detected.** A hardcoded Stripe Publishable Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/tsyvic/buy-anything/SKILL.md:43 |
| HIGH | **Potential Command Injection via dynamic `curl` command construction with unvalidated user input.** The skill instructs the LLM to construct `curl` commands for Stripe tokenization and Rye API submission using user-provided data (e.g., card details, shipping address, product URL). If this user input is not properly sanitized or escaped before being interpolated into the `bash` command string, a malicious user could inject arbitrary shell commands. For example, a crafted card number or address field could break out of the `-d` argument and execute other commands on the host system. Implement robust input validation and sanitization for all user-provided data before it is used in shell commands. Prefer using dedicated API client libraries or functions that handle parameter escaping automatically, rather than direct string concatenation for `curl` commands. If `curl` must be used, ensure all user-supplied values are properly quoted and escaped for the shell context. | LLM | SKILL.md:44 |
| LOW | **Stripe publishable key hardcoded in skill definition.** The Stripe publishable key (`pk_live_...`) is directly embedded in the `SKILL.md` file. While publishable keys are designed to be public and are used client-side, hardcoding them in a skill definition means they cannot be easily rotated or managed centrally. If this key were ever compromised or needed to be changed, it would require updating the skill definition itself. Best practice is to manage API keys (even publishable ones) as environment variables or through a secure secrets management system, rather than hardcoding them. Store API keys, even publishable ones, in environment variables or a secure secrets management system rather than hardcoding them directly in the skill definition. This allows for easier rotation and prevents accidental exposure in source control. | LLM | SKILL.md:46 |