Trust Assessment
claude-sdk received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Arbitrary Command Execution via 'Bash' tool, Broad Filesystem Access via File Operation Tools, Command Execution via Plugin Hooks.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary Command Execution via 'Bash' tool: The 'Bash' tool explicitly allows the execution of arbitrary shell commands. If an AI agent's input can influence the 'command' argument, this presents a critical command injection vulnerability, enabling an attacker to execute any command on the host system with the privileges of the agent. Implement strict input validation and sanitization for any arguments passed to the 'Bash' tool. Consider using a more restricted execution environment (e.g., sandboxed containers) or specific, pre-approved commands instead of arbitrary shell execution. Limit the agent's ability to construct arbitrary 'Bash' commands from untrusted input. | LLM | SKILL.md:39 |
| HIGH | Broad Filesystem Access via File Operation Tools: The 'Read', 'Write', 'Edit', 'Glob', and 'Grep' tools provide extensive access to the filesystem, including reading, writing, and modifying files at arbitrary paths. This constitutes excessive permissions for many AI agent tasks and creates a significant risk of data exfiltration, unauthorized modification, or system compromise if an agent is manipulated or misdirected. Implement granular access controls for file operations, restricting access to specific directories or file types. Validate and sanitize all file paths provided to these tools. Consider sandboxing the agent's environment to limit its filesystem view. | LLM | SKILL.md:12 |
| HIGH | Command Execution via Plugin Hooks: The skill's hook configuration allows for the execution of shell commands (e.g., 'post-task.sh') in response to certain events. If the command path, arguments, or the script's content can be influenced by untrusted input, or if the script itself is vulnerable, this can lead to command injection. Ensure that all commands executed via hooks are fixed, trusted scripts. Avoid constructing command strings from untrusted input. Implement strict validation for any variables used in hook commands (e.g., CLAUDE_PLUGIN_ROOT). Review the content of all scripts executed by hooks for potential vulnerabilities. | LLM | SKILL.md:90 |
| MEDIUM | Potential for Chained Exploits via Agent/Skill/SlashCommand Tools: The 'Task', 'Skill', and 'SlashCommand' tools allow an agent to invoke other sub-agents, skills, or plugin commands. While not a direct vulnerability in isolation, this capability increases the attack surface and the potential for chained exploits or privilege escalation if any invoked component has its own vulnerabilities or excessive permissions. Implement a robust permission model for inter-agent/skill communication. Ensure that sub-agents and skills are invoked with the principle of least privilege. Carefully audit all callable skills and commands for their own security posture and potential for misuse. | LLM | SKILL.md:52 |