Trust Assessment
deploy-moltbot-to-fly received a trust score of 15/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 2 medium, and 0 low severity. Key findings include Arbitrary command execution, Missing required field: name, Remote code execution: curl/wget pipe to shell.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hollaugo/deploy-moltbot-to-fly/skill.md:16 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/hollaugo/deploy-moltbot-to-fly/skill.md:16 | |
| HIGH | Unpinned Git Repository Clone (Supply Chain Risk) The skill instructs to clone a Git repository (`https://github.com/clawdbot/clawdbot.git`) without specifying a particular commit hash or tag. This means the latest version of the default branch will be cloned. If the upstream repository is compromised or a malicious update is pushed, users following these instructions would unknowingly deploy potentially malicious code. This introduces a significant supply chain risk. Pin the Git repository clone to a specific, immutable version (e.g., a commit hash or a signed tag). For example: `git clone https://github.com/clawdbot/clawdbot.git moltbot-deploy && cd moltbot-deploy && git checkout <COMMIT_HASH>` or `git clone -b <TAG_NAME> https://github.com/clawdbot/clawdbot.git moltbot-deploy`. | LLM | skill.md:42 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/hollaugo/deploy-moltbot-to-fly/skill.md:1 | |
| MEDIUM | Potential Command Injection via Unsanitized App Name The skill instructs the user to use a placeholder 'your-app-name' (or 'APP') in multiple shell commands (e.g., `fly apps create your-app-name`, `fly ssh console -a your-app-name`). If this placeholder is replaced with a string containing shell metacharacters (e.g., ';', '`', '$()'), it could lead to arbitrary command execution on the user's local machine. This risk is present when an LLM or user directly interpolates untrusted input into shell commands without proper sanitization or quoting. When constructing shell commands, ensure that user-provided or dynamically generated arguments like 'your-app-name' are properly sanitized, validated, or quoted to prevent shell metacharacters from being interpreted as commands. For example, enclose the variable in single quotes: `fly apps create 'your-app-name'` or validate the input to only allow alphanumeric characters and hyphens. | LLM | skill.md:79 |
Scan History
Embed Code
[](https://skillshield.io/report/79ecf5e6acf6c671)
Powered by SkillShield