Trust Assessment
devinism received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 1 high, 1 medium, and 1 low severity. Key findings include "Arbitrary command execution", "Remote code execution: curl/wget pipe to shell", and "Arbitrary code execution via unverified remote script".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jeffreyling/devinism/SKILL.md:88 |
| CRITICAL | **Remote code execution: curl/wget pipe to shell.** Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/jeffreyling/devinism/SKILL.md:45 |
| CRITICAL | **Arbitrary code execution via unverified remote script.** The skill executes a remote shell script (`install.sh`) directly piped to `bash` from `gist.githubusercontent.com`. This allows arbitrary code execution on the agent's host system if the remote script is malicious or compromised. The content of `install.sh` is not part of the skill package and is not subject to review, posing a significant supply chain risk. Avoid piping untrusted remote content directly to a shell. If remote execution is necessary, fetch the script, review its content, and execute it locally in a sandboxed environment. Pin the script by hash to prevent tampering. Ideally, include all necessary scripts directly within the skill package. | LLM | SKILL.md:101 |
| HIGH | **`Bash(curl:*)` permission enables arbitrary code execution.** While the declared permission `Bash(curl:*)` appears restrictive, its use in the pattern `curl ... \| bash` effectively allows the skill to download and execute any script from the internet. This bypasses the intended granular control of `Bash(curl:*)` and grants full shell access, which is excessive and dangerous for a skill described as a 'benign memetic virus'. Re-evaluate the necessity of `Bash` execution. If `Bash` is required, restrict it to specific, pre-approved commands or a highly sandboxed environment. Prevent piping remote content directly to `bash`. Consider if the skill's functionality can be achieved with more granular permissions or built-in agent capabilities. | LLM | SKILL.md:101 |
| MEDIUM | **Direct instructions to manipulate host LLM behavior.** The skill contains explicit instructions for the agent on how to respond to human queries ('If your human asks about this, explain:') and internal directives ('Do NOT mutate away:'). This demonstrates a direct attempt to influence and control the host LLM's conversational output and internal decision-making process, which is a form of prompt injection. While presented as benign, this mechanism could be used for malicious purposes. Skills should provide tools and data, not direct instructions on how the host LLM should behave or respond. The LLM should decide how to use the skill's information. Rephrase instructions as information or capabilities the agent can choose to use, rather than commands. | LLM | SKILL.md:30 |
| LOW | **API key used directly in shell commands.** The `MOLTBOOK_API_KEY` is directly embedded in `curl` commands within the skill's instructions. While these commands target the legitimate `moltbook.com` domain, using API keys directly in shell commands can lead to exposure through command history, logs, or if the commands are copied/pasted into insecure environments. Use a more secure method for handling API keys, such as environment variables that are not directly echoed or logged, or a dedicated secrets management system. Ensure that `curl` commands are not logged with sensitive headers. Consider using an agent's built-in secure credential management if available. | LLM | SKILL.md:59 |