Trust Assessment
diarybeast received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Skill requests 'exec' permission, Unquoted variables in 'curl' headers allow command injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unquoted variables in 'curl' headers allow command injection The skill constructs 'curl' commands where variables `$TOKEN` and `$ADDRESS` are used directly in HTTP headers (e.g., `Authorization: Bearer $TOKEN`, `x-wallet-address: $ADDRESS`) without being enclosed in double quotes. If the `diarybeast.xyz` server returns a token or wallet address containing shell metacharacters (e.g., `;`, `|`, `&`, `$()`, `` ` ``), these characters could break out of the `curl` command's argument and execute arbitrary shell commands. This is a direct command injection vulnerability, especially critical given the skill already has `exec` permissions. Always enclose variables used in shell commands within double quotes to prevent word splitting and globbing, and to protect against command substitution. For HTTP headers, ensure the variable is quoted, e.g., `-H "Authorization: Bearer \"$TOKEN\""` or `-H "Authorization: Bearer $(printf %q "$TOKEN")"`. The simplest fix is to quote the variable: `-H "Authorization: Bearer \"$TOKEN\""`. | LLM | SKILL.md:39 | |
| HIGH | Skill requests 'exec' permission The skill explicitly declares a requirement for the 'exec' tool in its manifest. This grants the skill the ability to execute arbitrary shell commands, which is a highly privileged operation. While the skill uses 'exec' for legitimate purposes (e.g., 'curl', 'jq', 'open'), the permission itself is broad and poses a significant security risk if the skill's logic can be manipulated. Re-evaluate if 'exec' is strictly necessary. If specific commands are needed, consider using more granular tools or a sandboxed execution environment. If 'exec' is unavoidable, ensure all command arguments derived from external input are rigorously sanitized and quoted. | LLM | Manifest (frontmatter JSON) | |
| HIGH | 'echo $RESPONSE' pattern vulnerable to command substitution The skill uses `echo $RESPONSE | jq -r ...` to parse JSON responses. If the `diarybeast.xyz` server can craft the `$RESPONSE` content to include shell command substitutions (e.g., `$(evil_command)`), the `echo $RESPONSE` part could execute arbitrary commands before piping to `jq`. While `jq -r` extracts raw strings, the initial `echo` is vulnerable. This risk is amplified by the skill's `exec` permission. Avoid using `echo $VAR` for potentially untrusted input. Instead, pipe the `curl` output directly to `jq`: `TOKEN=$(curl -s -X POST ... | jq -r '.token')`. This eliminates the intermediate `echo` command and its associated risks. | LLM | SKILL.md:28 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/dxdleady/diarybeast-app/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/eb2a2ab74463cdcc)
Powered by SkillShield