Trust Assessment
clauditor received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 14 findings: 7 critical, 7 high, 0 medium, and 0 low severity. Key findings include "Persistence / self-modification instructions", "Persistence mechanism: systemd service", and "Command Injection via eval with path-derived variable".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 5acc5677). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (14)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions. systemd service persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/apollostreetcompany/clauditor/wizard/install.sh:103 |
| CRITICAL | Persistence / self-modification instructions. systemd service persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/apollostreetcompany/clauditor/wizard/install.sh:104 |
| CRITICAL | Persistence / self-modification instructions. systemd service persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/apollostreetcompany/clauditor/wizard/wizard.sh:238 |
| CRITICAL | Persistence / self-modification instructions. systemd service persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/apollostreetcompany/clauditor/wizard/wizard.sh:239 |
| CRITICAL | Persistence / self-modification instructions. systemd service persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/apollostreetcompany/clauditor/wizard/wizard.sh:240 |
| CRITICAL | Persistence / self-modification instructions. systemd service persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/apollostreetcompany/clauditor/wizard/wizard.sh:241 |
| CRITICAL | Command Injection via eval with path-derived variable. The `run_cmd` function in `wizard/wizard.sh` uses `eval` to execute commands constructed from interpolated variables. The `REPO_ROOT` variable, which is derived from the script's own execution path (`BASH_SOURCE[0]`), is interpolated into these commands. If an attacker can control the path where the script is located or executed from, they can inject shell metacharacters (e.g., single quotes or semicolons) into `BASH_SOURCE[0]`. This can lead to `REPO_ROOT` containing such metacharacters, which will break the single-quoting within `eval`, leading to arbitrary command execution with root privileges. Avoid using `eval` for executing commands. Instead, use direct command calls with proper argument arrays or `bash -c` with explicit argument passing to prevent shell metacharacter interpretation. Ensure all path variables are properly sanitized or quoted for literal interpretation, especially when derived from potentially attacker-controlled sources like the execution path. | LLM | wizard/wizard.sh:50 |
| HIGH | Persistence mechanism: systemd service. Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/apollostreetcompany/clauditor/wizard/install.sh:103 |
| HIGH | Persistence mechanism: systemd service. Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/apollostreetcompany/clauditor/wizard/install.sh:104 |
| HIGH | Persistence mechanism: systemd service. Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/apollostreetcompany/clauditor/wizard/wizard.sh:238 |
| HIGH | Persistence mechanism: systemd service. Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/apollostreetcompany/clauditor/wizard/wizard.sh:239 |
| HIGH | Persistence mechanism: systemd service. Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/apollostreetcompany/clauditor/wizard/wizard.sh:240 |
| HIGH | Persistence mechanism: systemd service. Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/apollostreetcompany/clauditor/wizard/wizard.sh:241 |
| HIGH | Insecure 'curl \| sudo bash' installation method. The `wizard/install.sh` script, provided as a supporting file, advertises a `curl -sSL <url> \| sudo bash` installation method in its comments. This method downloads and executes code directly from a remote URL without verification, posing a significant supply chain risk. It bypasses package managers and integrity checks, making the installation vulnerable to supply chain attacks if the remote content is compromised or the URL is redirected. While the script itself checks for a local binary, the advertised usage pattern is inherently insecure. Remove or strongly discourage the `curl \| sudo bash` installation method. Instead, recommend secure installation practices such as using official package repositories, signed packages, or explicit download, verification (e.g., checksums), and local execution. | LLM | wizard/install.sh:17 |