Trust Assessment
db-query received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 4 critical, 4 high, 2 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.Popen(), Dangerous call: subprocess.run().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/zenixp/db-query/scripts/db_query.py:95 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/zenixp/db-query/scripts/db_query.py:149 |
| CRITICAL | Unsanitized SQL query passed to mysql client | The 'query' argument, provided by the user via the command line, is directly inserted into the 'mysql' command-line client's '-e' option without any sanitization. This allows for arbitrary SQL injection, enabling an attacker to execute malicious SQL commands, bypass authentication, or exfiltrate data from the database. | Do not pass raw user input directly to shell commands. Use a proper database connector library (e.g., 'mysql-connector-python') with parameterized queries to prevent SQL injection. If using the 'mysql' client is unavoidable, strictly validate and sanitize the query, or consider using a temporary file for the query and passing the file path to 'mysql'. | LLM | scripts/db_query.py:201 |
| CRITICAL | MySQL password exposed in process list | The MySQL database password is passed as a command-line argument ('-p{password}') to the 'mysql' client. This makes the password visible in the system's process list ('ps aux'), allowing any user with sufficient permissions to view running processes to easily retrieve the plaintext password. | Avoid passing sensitive credentials as command-line arguments. Use environment variables, secure credential stores, or interactive password prompts. For 'mysql' client, consider using a '.my.cnf' file with appropriate permissions or the 'MYSQL_PWD' environment variable (though 'MYSQL_PWD' is also visible to child processes). | LLM | scripts/db_query.py:199 |
| HIGH | Dangerous call: subprocess.Popen() | Call to 'subprocess.Popen()' detected in function 'start_ssh_tunnel'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/zenixp/db-query/scripts/db_query.py:95 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'execute_mysql_query'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/zenixp/db-query/scripts/db_query.py:149 |
| HIGH | Unsanitized SSH parameters used in subprocess.Popen | The 'ssh_host' and 'ssh_user' values, sourced from the configuration file, are directly inserted into the 'ssh' command executed via 'subprocess.Popen'. If these configuration values contain shell metacharacters (e.g., ';', '&', '\|', '`'), an attacker who can modify the configuration file could execute arbitrary shell commands on the system running the skill. | Ensure all user-controlled inputs passed to 'subprocess' commands are properly sanitized or, preferably, use a library that handles command arguments safely (e.g., 'paramiko' for SSH) instead of directly invoking shell commands. If using 'subprocess', ensure 'shell=False' (which is the default and correctly used here) and carefully validate each argument. For 'sshpass', consider if it's truly necessary or if key-based authentication can be enforced. | LLM | scripts/db_query.py:107 |
| HIGH | SSH host key checking disabled | The 'start_ssh_tunnel' function explicitly disables 'StrictHostKeyChecking' and 'UserKnownHostsFile' by setting them to 'no' and '/dev/null' respectively. This bypasses a critical security mechanism that verifies the identity of the remote SSH server. An attacker could perform a Man-in-the-Middle (MitM) attack by impersonating the SSH server, potentially intercepting credentials or other sensitive data. | Remove or set 'StrictHostKeyChecking=yes' and allow SSH to manage 'known_hosts' normally. If the host key changes, the user should be prompted to verify. For automated systems, pre-populate 'known_hosts' or use a trusted host key management system. | LLM | scripts/db_query.py:105 |
| MEDIUM | Arbitrary configuration file path allowed | The 'db_query.py' script allows specifying an arbitrary path for the configuration file via the '--config' command-line argument. This means the skill can be instructed to load sensitive database credentials and SSH tunnel configurations from any file on the system, potentially leading to information disclosure or loading of malicious configurations if an attacker can control this argument. | Restrict the '--config' argument to a predefined set of safe paths or disallow it entirely, relying only on the default configuration path. If custom paths are necessary, implement strict validation to ensure the path is within an expected and secure directory. | LLM | scripts/db_query.py:260 |
| MEDIUM | Plaintext passwords stored in configuration file | The skill's configuration file ('db-config.json') stores database and SSH tunnel passwords in plaintext. While the script itself doesn't harvest them, this practice makes credentials vulnerable to unauthorized access by any user or process that can read the file system. | Implement a secure credential management system. This could involve using environment variables, a secrets management service (e.g., HashiCorp Vault, AWS Secrets Manager), or an encrypted credential store that requires a master password or key for decryption. | LLM | scripts/config.example.json:7 |