Trust Assessment
deploy-agent received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. The key findings are "Sensitive environment variable access: $HOME" and "Unsanitized deployment name allows path traversal and command injection".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unsanitized deployment name allows path traversal and command injection | LLM | scripts/deploy-agent.sh:29 |
| MEDIUM | Sensitive environment variable access: $HOME | Static | skills/sherajdev/deploy-agent/scripts/deploy-agent.sh:8 |

CRITICAL: Unsanitized deployment name allows path traversal and command injection

The `deploy-agent` script uses the user-provided deployment name (`$name`) directly in file path constructions and potentially as an application directory (`app_dir`). This lack of sanitization allows an attacker to use path traversal sequences (e.g., `../`, `/`) in the deployment name to:

1. **Arbitrary File Read/Write**: Read or write arbitrary files on the system (e.g., `deploy-agent init ../../../tmp/malicious` could create `/tmp/malicious.json`, or `deploy-agent status ../../../etc/passwd` could read `/etc/passwd` and pipe its content to `jq`, leading to data exfiltration).
2. **Command Injection**: Execute arbitrary commands by changing the current directory (`cd`) to a malicious path (e.g., `cd ../../malicious_dir`) and then running commands like `npm list` or `grep -r` which can trigger `preinstall`/`postinstall` scripts or traverse unexpected directories within the attacker-controlled path.

Remediation:

1. **Sanitize Input**: Before using `$name` or `$app_dir` in file paths or `cd` commands, sanitize the input to ensure it contains only safe characters (e.g., alphanumeric, hyphens, underscores) and does not contain path separators (`/`, `\`, `..`). A regex check like `if [[ ! "$name" =~ ^[a-zA-Z0-9_-]+$ ]]; then error "Invalid name"; exit 1; fi` should be implemented.
2. **Canonicalize Paths**: Use `realpath` or similar utilities to resolve and validate paths before use, ensuring they remain within expected, controlled boundaries.
3. **Quote Variables**: While already present in the snippet, always ensure variables are properly quoted when used in shell commands (e.g., `cd "$app_dir"`) to prevent word splitting and globbing, though this alone does not prevent path traversal.

MEDIUM: Sensitive environment variable access: $HOME

Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.