Trust Assessment
camoufox-stealth received a trust score of 20/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 1 critical, 6 high, 1 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Potential data exfiltration: file read + network send, Arbitrary File Write via Output/Screenshot Paths.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kesslerio/camoufox-stealth/scripts/camoufox-session.py:293 | |
| HIGH | Potential data exfiltration: file read + network send Function 'fetch_api' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/kesslerio/camoufox-stealth/scripts/curl-api.py:103 | |
| HIGH | Arbitrary File Write via Output/Screenshot Paths The `camoufox-fetch.py`, `camoufox-session.py`, and `curl-api.py` scripts allow users to specify arbitrary file paths for saving output, screenshots, or exported cookies. An attacker could use this to overwrite critical files within the `pybox` container or write sensitive data to an accessible location, potentially leading to denial of service or information disclosure within the container's scope. Sanitize user-provided file paths to ensure they are within an allowed directory (e.g., a temporary directory or a designated output folder) and do not contain directory traversal sequences (e.g., '..', '/'). Alternatively, implement a strict allowlist for file extensions and base names, or use a file picker UI. | LLM | scripts/camoufox-fetch.py:100 | |
| HIGH | Arbitrary File Write via Output/Screenshot Paths The `camoufox-fetch.py`, `camoufox-session.py`, and `curl-api.py` scripts allow users to specify arbitrary file paths for saving output, screenshots, or exported cookies. An attacker could use this to overwrite critical files within the `pybox` container or write sensitive data to an accessible location, potentially leading to denial of service or information disclosure within the container's scope. Sanitize user-provided file paths to ensure they are within an allowed directory (e.g., a temporary directory or a designated output folder) and do not contain directory traversal sequences (e.g., '..', '/'). Alternatively, implement a strict allowlist for file extensions and base names, or use a file picker UI. | LLM | scripts/camoufox-fetch.py:96 | |
| HIGH | Arbitrary File Write via Output/Screenshot Paths The `camoufox-fetch.py`, `camoufox-session.py`, and `curl-api.py` scripts allow users to specify arbitrary file paths for saving output, screenshots, or exported cookies. An attacker could use this to overwrite critical files within the `pybox` container or write sensitive data to an accessible location, potentially leading to denial of service or information disclosure within the container's scope. Sanitize user-provided file paths to ensure they are within an allowed directory (e.g., a temporary directory or a designated output folder) and do not contain directory traversal sequences (e.g., '..', '/'). Alternatively, implement a strict allowlist for file extensions and base names, or use a file picker UI. | LLM | scripts/camoufox-session.py:103 | |
| HIGH | Arbitrary File Read via Import Cookies Path The `camoufox-session.py` script allows users to specify an arbitrary file path for importing cookies. An attacker could use this to read sensitive files from the `pybox` container's filesystem, potentially leading to information disclosure. Sanitize user-provided file paths to ensure they are within an allowed directory (e.g., a designated input folder) and do not contain directory traversal sequences (e.g., '..', '/'). Alternatively, implement a strict allowlist for file extensions and base names, or use a file picker UI. | LLM | scripts/camoufox-session.py:97 | |
| HIGH | Arbitrary File Write via Output/Screenshot Paths The `camoufox-fetch.py`, `camoufox-session.py`, and `curl-api.py` scripts allow users to specify arbitrary file paths for saving output, screenshots, or exported cookies. An attacker could use this to overwrite critical files within the `pybox` container or write sensitive data to an accessible location, potentially leading to denial of service or information disclosure within the container's scope. Sanitize user-provided file paths to ensure they are within an allowed directory (e.g., a temporary directory or a designated output folder) and do not contain directory traversal sequences (e.g., '..', '/'). Alternatively, implement a strict allowlist for file extensions and base names, or use a file picker UI. | LLM | scripts/curl-api.py:100 | |
| MEDIUM | Unpinned Python Dependencies The `setup.sh` script installs Python packages (`camoufox`, `curl_cffi`) without specifying exact versions. This makes the skill vulnerable to supply chain attacks, where a malicious actor could publish a compromised version of a dependency, or a typosquatting package, which would then be installed automatically. Pin all Python dependencies to exact versions (e.g., `camoufox==1.2.3`) in a `requirements.txt` file and use `pip install -r requirements.txt`. Regularly audit and update these pinned versions. | LLM | scripts/setup.sh:20 |
Scan History
Embed Code
[](https://skillshield.io/report/31203413fdfc64e0)
Powered by SkillShield