Trust Assessment
cc-godmode received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 1 low severity. Key findings include Potential Command Injection via Bash tool, Excessive Permissions Granted to Agents, and Unpinned Third-Party Dependency in Build Script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Bash tool: Multiple agents are explicitly granted the 'Bash' tool, and the skill's instructions show examples of constructing Bash commands using user-controlled input (e.g., `[desc]`, `[type]`, `[X]`). If these inputs are not rigorously sanitized before being interpolated into shell commands, an attacker could inject arbitrary commands, leading to remote code execution on the host system. This is a direct and credible exploit path. Implement strict input validation and sanitization for all user-controlled data before it is used to construct Bash commands. Consider using safer alternatives to direct shell execution where possible, or ensure commands are executed within a highly restricted and sandboxed environment. | LLM | SKILL.md:100 |
| HIGH | Excessive Permissions Granted to Agents: The skill grants several agents highly privileged tools:<br>- 'Bash': Allows arbitrary command execution on the host system.<br>- 'GitHub MCP': Grants '@github-manager' 'full access to GitHub MCP Server', enabling broad repository manipulation (issues, PRs, releases).<br>- 'Write' and 'Edit': Allow modification of arbitrary files within the skill's operational scope.<br>While the skill includes a rule 'NEVER git push without permission', the underlying permissions are inherently broad and pose a significant risk if the skill's logic is compromised or misdirected. This level of access could lead to data loss, unauthorized code changes, or system compromise. Implement the principle of least privilege. Restrict agent tools and their scope to the absolute minimum required for their function. For Bash, use sandboxed environments or specific, whitelisted commands. For GitHub MCP, define granular permissions rather than 'full access'. Ensure file system operations are confined to dedicated, isolated directories. | LLM | SKILL.md:60 |
| LOW | Unpinned Third-Party Dependency in Build Script: The `scripts/build-skill.js` file uses the `glob` package (`const { glob } = require('glob');`). Without a `package.json` or similar dependency manifest, it's impossible to verify if this dependency is pinned to a specific version. Unpinned dependencies can introduce supply chain risks, as updates to the package could inadvertently include malicious code or vulnerabilities. Ensure all third-party dependencies are explicitly pinned to specific versions in a `package.json` or equivalent manifest file. Regularly audit and update dependencies to mitigate known vulnerabilities. | LLM | scripts/build-skill.js:12 |