Trust Assessment
context-checkpoint received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include "Command Injection via Malicious Filenames in cleanup.sh" (high), "Missing required field: name" (medium), and "Misleading Security Claims in SKILL.md" (low).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via Malicious Filenames in cleanup.sh.** The `cleanup.sh` script deletes old checkpoint files with `echo "$to_delete" \| xargs rm -f`, where `to_delete` is a list of filenames taken from `ls -t`. If a malicious actor can create a file in `CHECKPOINT_DIR` whose name starts with a hyphen (e.g. `-rf /` or `--help`), `rm -f` interprets it as an option rather than a filename. This could lead to arbitrary file deletion (e.g. `rm -rf /`) or other unintended `rm` behaviour, executed with elevated privileges if the script runs as root. Remediation: terminate option parsing with `--` so `rm` never treats a filename as an option, i.e. `rm -f -- "$file"` for each file, iterating over the filenames in a `while read` loop instead of piping to `xargs`. Alternatively, if `find` were used to generate the list of files, `find ... -print0 \| xargs -0 rm -f --` would be a robust solution. | LLM | cleanup.sh:20 |
| MEDIUM | **Missing required field: name.** The `name` field is required for claude_code skills but is missing from the frontmatter. Remediation: add a `name` field to the SKILL.md frontmatter. | Static | skills/luluf0x/context-checkpoint/SKILL.md:1 |
| LOW | **Misleading Security Claims in SKILL.md.** The `SKILL.md` file contains a misleading statement under "Security Considerations", specifically "No exec: Just file operations." This is inaccurate: the skill package includes multiple shell scripts (`.sh` files) that execute shell commands such as `mkdir`, `cat`, `ln`, `ls`, `grep`, `awk`, `sed`, `xargs`, and `rm`. This misrepresentation could lead users to underestimate the security implications and attack surface of running the skill, since shell execution carries more risk than "just file operations" implies. Remediation: update the "Security Considerations" section in `SKILL.md` to state that the skill executes shell commands for file operations, listing the types of commands used and their scope so that the skill's security posture is assessed transparently. | LLM | SKILL.md:49 |
Full report: https://skillshield.io/report/a3fab12de1807ef5
Powered by SkillShield