Trust Assessment
civic-nexus received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Potential Command Injection via unescaped arguments in shell calls.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via unescaped arguments in shell calls. The `SKILL.md` instructs the agent to execute shell commands using `mcporter` and `npx tsx`. These commands take arguments, such as tool names, search queries, and JSON argument strings (`--args`). If the agent constructs these shell commands by directly embedding untrusted user input into the arguments without proper shell escaping, an attacker could inject arbitrary shell commands. For example, by manipulating the `--args` JSON string (as shown in line 70) or the `query` parameter within the `mcporter call` (as shown in line 59), an attacker could break out of the intended argument and execute arbitrary commands on the host system. While the `nexus-tool-runner.ts` script itself uses `JSON.parse` which would prevent direct code execution within the script from malformed JSON, the vulnerability lies in the shell's interpretation of the command string *before* the script is invoked. The agent should ensure all user-provided input used in shell commands is properly escaped for the shell environment. For JSON arguments, the entire JSON string should be properly quoted and escaped to prevent shell metacharacters from being interpreted. Consider using a library or helper function that safely constructs shell commands, or pass arguments via environment variables or temporary files if direct command-line arguments are too risky. | LLM | SKILL.md:70 |
| MEDIUM | Unpinned npm dependency version. Dependency '@modelcontextprotocol/sdk' is not pinned to an exact version ('^1.25.2'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/tyronemichael/civic-nexus/package.json |
| MEDIUM | Unpinned dependencies in package.json. The `package.json` specifies dependencies with caret (`^`) ranges (e.g., `@modelcontextprotocol/sdk: ^1.25.2`, `tsx: ^4.19.0`). This allows minor and patch versions to be automatically updated, which could introduce breaking changes, vulnerabilities, or even malicious code if a dependency maintainer's account is compromised. This is a common supply chain risk. Pin dependencies to exact versions (e.g., `1.25.2`) to ensure deterministic builds and prevent unexpected changes. Use a lock file (`package-lock.json` or `yarn.lock`) to record exact versions of all dependencies and sub-dependencies. Regularly audit and update dependencies. | LLM | package.json:20 |
| LOW | Node lockfile missing. package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/tyronemichael/civic-nexus/package.json |