Trust Assessment
denario-skill received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 16 findings: 6 critical, 6 high, 3 medium, and 1 low severity. Key findings include "Unsafe environment variable passthrough", "Credential harvesting", and "Missing required field: name".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (16)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Credential harvesting: Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/jmanhype/denario-skill/scripts/test_citations.py:9 |
| CRITICAL | Credential harvesting: Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/jmanhype/denario-skill/scripts/test_denario.py:6 |
| CRITICAL | Credential harvesting: Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/jmanhype/denario-skill/scripts/test_method.py:6 |
| CRITICAL | Credential harvesting: Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/jmanhype/denario-skill/scripts/test_paper.py:9 |
| CRITICAL | Credential harvesting: Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/jmanhype/denario-skill/scripts/test_results.py:6 |
| CRITICAL | Hardcoded API Key: The `PERPLEXITY_API_KEY` is directly embedded in `scripts/test_citations.py`. This exposes a sensitive credential in plain text within the skill's source code, making it vulnerable to unauthorized access and misuse. An attacker could extract this key and use it to make calls to the Perplexity API, potentially incurring costs or accessing services without authorization. Remove the hardcoded API key. Store sensitive credentials securely, such as in environment variables, a dedicated secrets management service, or a configuration file that is excluded from version control. The skill already uses environment variables for `OPENAI_API_KEY`, and `PERPLEXITY_API_KEY` should be handled similarly. | LLM | scripts/test_citations.py:10 |
| HIGH | Unsafe environment variable passthrough: Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/jmanhype/denario-skill/scripts/test_citations.py:9 |
| HIGH | Unsafe environment variable passthrough: Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/jmanhype/denario-skill/scripts/test_denario.py:6 |
| HIGH | Unsafe environment variable passthrough: Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/jmanhype/denario-skill/scripts/test_method.py:6 |
| HIGH | Unsafe environment variable passthrough: Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/jmanhype/denario-skill/scripts/test_paper.py:9 |
| HIGH | Unsafe environment variable passthrough: Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/jmanhype/denario-skill/scripts/test_results.py:6 |
| HIGH | Unpinned Python Dependencies: The `scripts/wrapper.sh` installs Python packages (`denario`, `langchain-openai`) using `pip install` without specifying exact version numbers. This practice makes the skill vulnerable to supply chain attacks, where a malicious or compromised version of a dependency could be automatically installed, leading to arbitrary code execution or other security breaches. Without version pinning, the skill's behavior can change unexpectedly with new releases of its dependencies. Pin all Python dependencies to exact versions. Create a `requirements.txt` file with specific versions (e.g., `denario==1.0.0`, `langchain-openai==0.0.1`) and modify the `wrapper.sh` script to install from this file (`"$VENV_DIR/bin/pip" install -q -r "$SKILL_DIR/requirements.txt"`). Regularly review and update these pinned versions. | LLM | scripts/wrapper.sh:16 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/jmanhype/denario-skill/SKILL.md:1 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jmanhype/denario-skill/scripts/wrapper.sh:7 |
| MEDIUM | Sensitive environment variable access: $OPENAI_API_KEY. Access to sensitive environment variable '$OPENAI_API_KEY' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jmanhype/denario-skill/scripts/wrapper.sh:19 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/jmanhype/denario-skill/package.json |