Trust Assessment
crustafarianism received a trust score of 14/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 15 findings: 3 critical, 8 high, 4 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Remote code execution: curl/wget pipe to shell, Command Injection via unescaped variables in JSON payload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings15
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/dvdegenz/crustafarianism/scripts/status.sh:10 | |
| CRITICAL | Command Injection via unescaped variables in JSON payload The `AGENT_NAME`, `FIRST_VERSE` (in `scripts/join.sh`), and the prophecy content (`$1` in `scripts/prophecy.sh`) are directly embedded into JSON payloads for `curl -d` without proper escaping. An attacker controlling `MOLT_AGENT_NAME`, `MOLT_PROPHECY`, or the first argument to `scripts/prophecy.sh` can inject arbitrary shell commands or manipulate the JSON structure, leading to command execution or unexpected behavior. Use `jq` to construct JSON payloads safely, or implement robust shell escaping for JSON special characters (double quotes, backslashes) and shell metacharacters. For example, `jq -n --arg name "$AGENT_NAME" --arg prophecy "$FIRST_VERSE" --arg description "Devout Crustafarian" --arg proof "$PROOF" '{name: $name, description: $description, prophecy: $prophecy, proof: $proof}'` | LLM | scripts/join.sh:78 | |
| CRITICAL | Command Injection via unescaped variables in JSON payload The prophecy content (`$1`) is directly embedded into the JSON payload for `curl -d` without proper escaping. An attacker controlling the first argument to `scripts/prophecy.sh` can inject arbitrary shell commands or manipulate the JSON structure, leading to command execution or unexpected behavior. Use `jq` to construct JSON payloads safely, or implement robust shell escaping for JSON special characters (double quotes, backslashes) and shell metacharacters. For example, `jq -n --arg content "$1" '{scripture_type: "prophecy", content: $content}'` | LLM | scripts/prophecy.sh:26 | |
| HIGH | Command Injection via unquoted variables in echo and here-doc The `AGENT_NAME` variable (derived from `MOLT_AGENT_NAME` or file content) is used unquoted in `echo` statements and within a `sha256sum` command. The `FIRST_VERSE` variable (derived from `MOLT_PROPHECY` or `AGENT_NAME`) is written to a markdown file using a here-doc. If an attacker controls these environment variables or the source files, they can inject shell metacharacters (e.g., `$(command)`) leading to arbitrary command execution. Always quote variables when using `echo` (e.g., `echo -e "${MOLT_DIM}Agent: ${AGENT_NAME}${MOLT_RESET}"`). For here-docs, escape variables or use `printf %s` to prevent shell expansion. For `sha256sum`, ensure the input is sanitized or passed via stdin. | LLM | scripts/join.sh:50 | |
| HIGH | Command Injection via unquoted variables in echo and here-doc The `FIRST_VERSE` variable (derived from `MOLT_PROPHECY` or `AGENT_NAME`) is used unquoted in `echo` statements and written to a markdown file using a here-doc. If an attacker controls these environment variables or the source files, they can inject shell metacharacters (e.g., `$(command)`) leading to arbitrary command execution. Always quote variables when using `echo` (e.g., `echo "${FIRST_VERSE}"`). For here-docs, escape variables or use `printf %s` to prevent shell expansion. For `sha256sum`, ensure the input is sanitized or passed via stdin. | LLM | scripts/join.sh:62 | |
| HIGH | Command Injection via unquoted variables in echo and here-doc The `AGENT_NAME` variable (derived from `MOLT_AGENT_NAME` or file content) is used unquoted within the `echo -n` command piped to `sha256sum`. If an attacker controls this environment variable or the source files, they can inject shell metacharacters (e.g., `$(command)`) leading to arbitrary command execution. Always quote variables when using `echo` (e.g., `echo -n "molt-${AGENT_NAME}-${TODAY}"`). For here-docs, escape variables or use `printf %s` to prevent shell expansion. For `sha256sum`, ensure the input is sanitized or passed via stdin. | LLM | scripts/join.sh:69 | |
| HIGH | Command Injection via unquoted variables in echo and here-doc The `FIRST_VERSE` variable (derived from `MOLT_PROPHECY` or `AGENT_NAME`) is written to a markdown file using a here-doc. If an attacker controls these environment variables or the source files, they can inject shell metacharacters (e.g., `$(command)`) leading to arbitrary command execution. Always quote variables when using `echo` (e.g., `echo "${FIRST_VERSE}"`). For here-docs, escape variables or use `printf %s` to prevent shell expansion. For `sha256sum`, ensure the input is sanitized or passed via stdin. | LLM | scripts/join.sh:130 | |
| HIGH | Command Injection via unquoted variables in echo and here-doc The `AGENT` variable (extracted from `credentials.json`) is used unquoted in an `echo` statement. If an attacker can manipulate the `agent_name` field in `credentials.json` (which is populated by `scripts/join.sh` using potentially malicious input), they can inject shell metacharacters (e.g., `$(command)`) leading to arbitrary command execution. Always quote variables when using `echo` (e.g., `echo "Registered as: ${AGENT}"`). | LLM | scripts/status.sh:30 | |
| HIGH | Data Exfiltration via configurable API base URL The `API_BASE` URL for all `curl` commands is configurable via the `MOLT_API_BASE` environment variable. An attacker can set this variable to a malicious server, redirecting all API traffic. This allows exfiltration of sensitive data such as the agent's name, prophecy content, proof-of-work, and the generated API key (in `scripts/join.sh` and `scripts/prophecy.sh`). Hardcode the `API_BASE` URL or implement strict validation if it must be configurable. If configurable, ensure it's only set by trusted sources and validated against a whitelist of allowed domains. | LLM | scripts/join.sh:7 | |
| HIGH | Data Exfiltration via configurable API base URL The `API_BASE` URL for all `curl` commands is configurable via the `MOLT_API_BASE` environment variable. An attacker can set this variable to a malicious server, redirecting all API traffic. This allows exfiltration of sensitive data such as the prophecy content and the API key. Hardcode the `API_BASE` URL or implement strict validation if it must be configurable. If configurable, ensure it's only set by trusted sources and validated against a whitelist of allowed domains. | LLM | scripts/prophecy.sh:4 | |
| HIGH | Data Exfiltration via configurable API base URL The `API_BASE` URL for all `curl` commands is configurable via the `MOLT_API_BASE` environment variable. An attacker can set this variable to a malicious server, redirecting all API traffic. This allows exfiltration of the agent's status request. Hardcode the `API_BASE` URL or implement strict validation if it must be configurable. If configurable, ensure it's only set by trusted sources and validated against a whitelist of allowed domains. | LLM | scripts/status.sh:4 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dvdegenz/crustafarianism/scripts/join.sh:8 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dvdegenz/crustafarianism/scripts/prophecy.sh:5 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dvdegenz/crustafarianism/scripts/status.sh:29 | |
| MEDIUM | Potential for unintended file writes due to flexible workspace detection The `scripts/join.sh` script determines the `WORKSPACE` based on `$HOME/clawd`, `/root/clawd`, or the current working directory (`$PWD`). If the script is executed from an arbitrary directory (e.g., `/tmp` or a sensitive system directory), it will write `SOUL.md` and `memory/molt-initiation.md` to that location. While the content written is not inherently malicious, writing to an unexpected location could overwrite existing files or fill up sensitive directories, leading to denial of service or data corruption. Restrict the `WORKSPACE` to a known, safe, and agent-specific directory (e.g., `$HOME/.molt_agent_data`). Avoid using `$PWD` for writing persistent data unless explicitly intended and secured. | LLM | scripts/join.sh:20 |
Scan History
Embed Code
[](https://skillshield.io/report/ba39661fe8a361af)
Powered by SkillShield