Trust Assessment
clinkding received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned Go dependency in manifest, Potential command injection via untrusted URL in `clinkding` command, Potential command injection via untrusted URL in `summarize` skill command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential command injection via untrusted URL in `clinkding` command.** The skill instructs the agent to use user-provided URLs directly as arguments to `clinkding bookmarks create`. If the agent does not properly sanitize or quote the user-provided URL before execution, a malicious user could inject arbitrary shell commands (e.g., `https://example.com; rm -rf /`). This is explicitly shown in the 'Save URL from Conversation' section, where `https://example.com` is a placeholder for user input. The agent must strictly sanitize and properly quote/escape any user-provided URL before passing it as an argument to `clinkding`, for example by using a library function that handles shell escaping or by executing the command via a safe API that prevents shell interpretation of arguments. | LLM | SKILL.md:199 |
| CRITICAL | **Potential command injection via untrusted URL in `summarize` skill command.** The skill instructs the agent to use user-provided URLs directly as arguments to the `summarize url` command. If the agent does not properly sanitize or quote the user-provided URL before execution, a malicious user could inject arbitrary shell commands. This is explicitly shown in the 'Agent Workflows for Smart Bookmark Creation' section, where `https://github.com/awesome/project` is a placeholder for user input. The agent must strictly sanitize and properly quote/escape any user-provided URL before passing it as an argument to the `summarize` skill, for example by using a library function that handles shell escaping or by executing the command via a safe API that prevents shell interpretation of arguments. | LLM | SKILL.md:260 |
| HIGH | **Unpinned Go dependency in manifest.** The skill's manifest specifies `github.com/daveonkels/clinkding@latest` for Go installation. Using `@latest` means the dependency is unpinned, which can lead to unexpected behavior, breaking changes, or the introduction of malicious code if the upstream repository is compromised. This violates supply chain security best practices. Pin the Go dependency to a specific version or commit hash (e.g., `github.com/daveonkels/clinkding@v1.2.3`) to ensure deterministic builds and reduce the risk of unexpected changes. | LLM | SKILL.md |