Trust Assessment
competitor-teardown received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 0 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Remote code execution: curl/wget pipe to shell, Arbitrary Code Execution via `infsh/python-executor` with Broad Bash Permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/okaris/competitor-teardown/SKILL.md:9 |
| CRITICAL | **Remote code execution: curl/wget pipe to shell.** Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/okaris/competitor-teardown/SKILL.md:9 |
| CRITICAL | **Arbitrary Code Execution via `infsh/python-executor` with Broad Bash Permissions.** The skill's manifest declares `Bash(infsh *)` as an allowed tool, which permits the agent to execute any command starting with `infsh`. The skill then explicitly uses `infsh app run infsh/python-executor`, a tool that allows the execution of arbitrary Python code. This combination creates a critical vulnerability: if the `code` argument to `infsh/python-executor` can be influenced by untrusted user input to the skill, an attacker could inject and execute malicious Python code, leading to full system compromise within the agent's execution environment. This represents both a command injection risk and an excessive permission issue, as the broad `Bash(infsh *)` permission enables the use of such a dangerous tool. 1. **Restrict `allowed-tools`**: Narrow the `Bash` permission in the manifest to explicitly list only the necessary `infsh app run` commands, excluding `infsh/python-executor` if possible. 2. **Sandbox `python-executor`**: If `infsh/python-executor` is essential, ensure it runs in a strictly sandboxed environment with minimal privileges and network access. 3. **Validate `code` input**: Implement robust validation and sanitization for the `code` argument, ensuring it never incorporates untrusted user input directly. Ideally, use a templating approach or a more specialized tool that doesn't allow arbitrary code. | LLM | SKILL.md:200 |
| MEDIUM | **Unsafe `curl \| sh` Installation Method in Documentation.** The "Quick Start" section of the skill's documentation instructs users to install the `inference.sh` CLI by piping the output of `curl -fsSL https://cli.inference.sh` directly into `sh`. This practice is highly insecure as it executes arbitrary code downloaded from the internet without prior review, posing a significant supply chain risk. If `cli.inference.sh` were compromised, users following these instructions could unknowingly execute malicious code on their systems. While this is a human instruction and not an agent runtime command, it is part of the skill's context and promotes an unsafe security practice. Advise users to review the script before execution (e.g., `curl -fsSL https://cli.inference.sh > install.sh && less install.sh && sh install.sh`). Provide alternative, more secure installation methods (e.g., package managers, signed binaries) that do not rely on direct piping to `sh`. | LLM | SKILL.md:10 |