Trust Assessment
context-gatekeeper received a trust score of 20/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), and Arbitrary File Write via '--summary' argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/davienzomq/context-gatekeeper/scripts/auto_monitor.py:29 |
| CRITICAL | **Arbitrary File Write via '--summary' argument.** The `context_gatekeeper.py` script allows writing to an arbitrary file path specified by the `--summary` argument. An attacker could provide a path like `/tmp/malicious.sh` or `../../../../etc/cron.d/malicious_job` to write arbitrary content (derived from the processed history, which can be controlled by the attacker if they control the history input) to sensitive locations. This could lead to remote code execution, denial of service, or data tampering if the target file is a configuration or script that is later executed. Restrict the `--summary` argument to a predefined, non-sensitive directory or enforce strict path validation (e.g., ensure it's a child of a safe base directory, disallow `..` path segments). Consider using a temporary file or a dedicated output directory that is not directly user-controlled. | LLM | scripts/context_gatekeeper.py:142 |
| HIGH | **Dangerous call: subprocess.run().** Call to 'subprocess.run()' detected in function 'run_summary'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/davienzomq/context-gatekeeper/scripts/auto_monitor.py:29 |
| HIGH | **Local File Inclusion via '--history' argument.** The `context_gatekeeper.py` script allows reading from an arbitrary file path specified by the `--history` argument. An attacker could provide a path like `../../../../etc/passwd` or `../../../../proc/self/environ` to read sensitive system files or environment variables. The content of this file is then processed and potentially included in the summary output, which could be returned to the user or stored in a user-accessible location, leading to data exfiltration. Restrict the `--history` argument to a predefined directory or enforce strict path validation (e.g., ensure it's a child of a safe base directory, disallow `..` path segments). If reading from arbitrary files is not intended, consider removing the `--history` argument and only accepting input via `sys.stdin`. | LLM | scripts/context_gatekeeper.py:129 |