Trust Assessment
The `can` skill (skills/xccx/can) received a trust score of 65/100, placing it in the Caution category. The skill carries security considerations that users should review before deployment.
SkillShield's automated analysis identified 13 findings: 12 critical, 0 high, 1 medium, and 0 low severity. The two distinct findings are "Potential Command Injection via Unsanitized Input in Shell Commands" (reported at 12 locations) and "Handling of Sensitive Private Keys".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100; every one of the 13 findings was raised by that layer against SKILL.md, while the Manifest, Static Code and Dependency layers reported none.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (13)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL (12 findings) | **Potential Command Injection via Unsanitized Input in Shell Commands.** The skill description provides numerous shell command examples that directly embed placeholder variables such as `{file}`, `{content}`, `{dir}`, `{nameable}` and `{skill-slug}` without demonstrating proper sanitization (quoting or escaping). If an AI agent implements these commands by interpolating untrusted user input directly into the shell string, the result is a command injection vulnerability: an attacker who controls the input can execute arbitrary commands on the host system. Every variable interpolated into a shell command must be quoted or escaped. For file paths, use `printf '%q'` or an equivalent shell-specific quoting mechanism; for content, pass it via stdin or escape it properly; for `clawhub install`, validate the `{skill-slug}` against a strict allow-list. The scanner reports this finding once per location, which is why it accounts for all 12 critical findings. | LLM | `skills/xccx/can/SKILL.md` lines 86, 89, 92, 110, 124, 139, 155, 158, 161, 182, 185, 190 |
| MEDIUM | **Handling of Sensitive Private Keys.** The skill describes reading a Nostr private key from `~/.can/nostr.key` or the `$NOSTR_PRIVKEY` environment variable for signing. The examples show only local use, but the presence of such a credential is itself a risk: a flawed signing implementation, or an agent that is instructed to exfiltrate the value, leads to credential theft. Any implementation handling the key must never log it, transmit it over an insecure channel, or expose it to an untrusted context. Access to the file and the variable should be restricted, and the signing step should be separated from the rest of the agent so the key cannot be leaked by accident or on instruction. | LLM | `skills/xccx/can/SKILL.md:230` |
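The script below is an added example, not code from the `can` skill or from SkillShield. It shows the pattern the critical finding describes (a `{file}` placeholder pasted into a command string that a shell re-parses) next to the three remediations the finding recommends: passing values as separate arguments, quoting when a single command string is unavoidable, sending `{content}` through stdin, and allow-listing `{skill-slug}` before `clawhub install`. The fixture directory, the function names and the slug rule (lowercase letters, digits and hyphens) are assumptions for illustration, not the registry's policy. POSIX single-quote wrapping stands in for bash's `printf '%q'` so the script also runs under dash.

```shell
#!/bin/sh
# Added example (not the skill's own code): the same operation written the way
# the finding warns against and the way it recommends. Fixture paths, function
# names and the slug rule are assumptions for illustration.

# 1. Vulnerable: the {file} placeholder is pasted into a command string that a
#    shell re-parses, so "notes.txt; echo INJECTED" runs a second command.
vulnerable_read_file() {
  sh -c "cat $1"
}

# 2. Preferred fix: pass the value as its own argv element, never as part of a
#    string. "--" ends option parsing so a file named "-rf" is not a flag.
safe_read_file() {
  cat -- "$1"
}

# 3. When one string is unavoidable (ssh/sudo -c, remote exec), quote it first.
#    POSIX single-quote wrapping: close the quote, emit an escaped quote, reopen.
#    In bash, printf '%q' does the same job; this version also works in dash.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

build_remote_cmd() {
  printf 'cat -- %s' "$(shell_quote "$1")"
}

# 4. {content} goes through stdin, so no shell ever parses it.
safe_write_content() {
  cat > "$1"
}

# 5. {skill-slug} is checked against an allow-list before it reaches
#    "clawhub install": lowercase letters, digits and hyphens, no leading "-".
#    (Slug rule assumed; adjust to the registry's real naming policy.)
validate_slug() {
  case "$1" in
    ''|-*|*[!a-z0-9-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Constructed fixture: a scratch directory holding one known file.
make_fixture() {
  d=$(mktemp -d)
  printf 'hello\n' > "$d/notes.txt"
  printf '%s' "$d"
}

# Demonstration: the injected "echo INJECTED" runs only in the vulnerable form.
demo() {
  d=$(make_fixture)
  echo "vulnerable:"; vulnerable_read_file "$d/notes.txt; echo INJECTED"
  echo "safe:"; safe_read_file "$d/notes.txt; echo INJECTED" 2>&1 || echo "(rejected, exit $?)"
  echo "quoted:"; build_remote_cmd "$d/notes.txt; echo INJECTED"; echo
  for s in can my-skill-2 'x; id' ../etc -rf; do
    if validate_slug "$s"; then echo "slug ok: $s"; else echo "slug rejected: $s"; fi
  done
  rm -rf "$d"
}
demo
```

The point of the `safe_read_file` form is that the whole placeholder value becomes one argv entry, so `;`, `$(...)` and whitespace lose their meaning; quoting is only a fallback for the cases where a single string must cross a shell boundary.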
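For the medium finding, the following shell script is an added example, not the skill's own code, of loading the signing key the way the finding recommends: the key file is refused unless it is owner-only, the value is kept in a variable rather than passed on a command line or printed, and a redaction filter masks anything key-shaped before a line reaches a log or a model context. The default path, the precedence of `$NOSTR_PRIVKEY` over the file, the format check (64 hex characters or an `nsec1` bech32 string) and the placeholder key used in the demo are all assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the skill's own code): loading the Nostr signing key the
# way the finding recommends. Paths, precedence, the format check and the
# redaction patterns are assumptions for illustration.

# Accept only the two shapes a Nostr secret key is commonly stored in:
# 64 hex characters, or bech32 "nsec1...". (Assumed format check.)
is_plausible_key() {
  case "$1" in
    nsec1*) return 0 ;;
  esac
  [ "${#1}" -eq 64 ] || return 1
  case "$1" in
    *[!0-9a-f]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Refuse key files readable by group or others. Columns 5-10 of "ls -ld" are
# the group and other permission bits; "------" means owner-only (0600/0400).
key_file_is_private() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Load the key into NOSTR_KEY. $NOSTR_PRIVKEY takes precedence over the file
# (precedence assumed). The key is never echoed or passed as an argument.
load_nostr_key() {
  keyfile="${1:-$HOME/.can/nostr.key}"
  if [ -n "${NOSTR_PRIVKEY:-}" ]; then
    NOSTR_KEY="$NOSTR_PRIVKEY"
  else
    key_file_is_private "$keyfile" || { echo "refusing $keyfile: missing or not mode 0600" >&2; return 1; }
    # read returns 1 on a file without a trailing newline; the value is still set.
    IFS= read -r NOSTR_KEY < "$keyfile" || [ -n "$NOSTR_KEY" ]
  fi
  is_plausible_key "$NOSTR_KEY" || { NOSTR_KEY=""; echo "key has unexpected format" >&2; return 1; }
  return 0
}

# Mask anything key-shaped before a line reaches a log or a model context.
redact_secrets() {
  printf '%s\n' "$1" | sed -e 's/nsec1[a-z0-9]*/[REDACTED]/g' -e 's/[0-9a-f]\{64\}/[REDACTED]/g'
}

# Demonstration with a constructed placeholder key in a scratch directory.
demo() {
  d=$(mktemp -d)
  fake='0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'  # constructed, not a real key
  printf '%s\n' "$fake" > "$d/nostr.key"
  chmod 644 "$d/nostr.key"
  load_nostr_key "$d/nostr.key" || echo "world-readable key file rejected"
  chmod 600 "$d/nostr.key"
  load_nostr_key "$d/nostr.key" && echo "key loaded (length ${#NOSTR_KEY}, value withheld)"
  redact_secrets "debug: signing with $NOSTR_KEY"
  rm -rf "$d"
}
demo
```

Keeping the key out of argv matters because command lines are visible to every process on the host through `ps`; keeping it out of stdout and logs matters because those are exactly the streams an agent is likely to copy into its own context.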
Full report: https://skillshield.io/report/3b0d4c4c6834d190