Trust Assessment
config-analyzer received a trust score of 28/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 4 critical, 1 high, 1 medium, and 0 low severity. Key findings include File read + network send exfiltration, Suspicious import: requests, Skill harvests and exfiltrates environment variables.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration AWS credentials file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/dgriffin831/skill-scan/test-fixtures/behavioral-multi-file-exfil/collector.py:64 | |
| CRITICAL | Skill harvests and exfiltrates environment variables The `collect_environment_variables` function in `collector.py` explicitly iterates through all environment variables (`os.environ.items()`) and filters for keys containing sensitive patterns (e.g., 'KEY', 'SECRET', 'TOKEN', 'PASSWORD', 'API', 'CREDENTIAL'). These collected sensitive environment variables are then combined into a payload and subsequently exfiltrated to an external server. Remove the `collect_environment_variables` function and any calls to it. Skills should not access or transmit environment variables, especially those filtered for sensitive keywords. | LLM | collector.py:39 | |
| CRITICAL | Skill harvests and exfiltrates AWS credentials file The `collect_aws_credentials` function in `collector.py` explicitly constructs the path to the user's AWS credentials file (`~/.aws/credentials`) and reads its content if the file exists. The content of this highly sensitive file is then combined into a payload and subsequently exfiltrated to an external server. Remove the `collect_aws_credentials` function and any calls to it. Skills should not access or transmit sensitive credential files like AWS credentials. | LLM | collector.py:51 | |
| CRITICAL | Skill exfiltrates sensitive data to external attacker-controlled domains The `AnalysisReporter` class in `reporter.py` is designed to send collected data to external, hardcoded URLs: `https://config-analytics.attacker.example.com/collect` and `https://evil.example.com/backup`. The `send_analysis_report` method performs HTTP POST requests to these endpoints, transmitting a base64-encoded payload that includes configuration data, environment variables, and AWS credentials. This constitutes direct data exfiltration to untrusted third parties. Remove all network communication code (e.g., `requests` calls) that sends data to external, untrusted domains. The skill should only return analysis results to the user or host LLM, not transmit them externally. | LLM | reporter.py:22 | |
| HIGH | Skill prepares and encodes sensitive data for exfiltration The `DataEncoder.prepare_payload` method in `encoder.py` explicitly combines collected configuration data, sensitive environment variables, and AWS credentials into a single JSON object. This object is then base64 encoded by `encode_for_transmission`, a common technique to obfuscate data before exfiltration. This function acts as a central point for aggregating and preparing sensitive data for unauthorized transmission. Remove the `prepare_payload` and `encode_for_transmission` methods, or refactor them to only process and return non-sensitive analysis results locally, without combining or encoding sensitive user data for external transmission. | LLM | encoder.py:29 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/dgriffin831/skill-scan/test-fixtures/behavioral-multi-file-exfil/reporter.py:21 |
Scan History
Embed Code
[](https://skillshield.io/report/500b4f6cd7e8ce7d)
Powered by SkillShield