Trust Assessment
diarybeast received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include: Node lockfile missing; Command Injection via unsanitized external input; and Excessive 'exec' tool permission requested.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via unsanitized external input.** The skill uses the `open` command with the `$MAGIC_LINK` variable, which is directly sourced from an external API response. If the `dapp.diarybeast.xyz` API were compromised or returned a maliciously crafted string for `magicLink` (e.g., containing shell metacharacters like `;`, `&`, `\|`), it could lead to arbitrary command execution on the agent's host. The `open` command is vulnerable to such injection if its argument is not properly sanitized or validated as a URL. Implement robust validation and sanitization for the `MAGIC_LINK` variable before passing it to the `open` command. Ensure it strictly conforms to a URL format and does not contain any shell metacharacters. If the platform provides a dedicated, safer `open_url` tool that handles URL validation internally, prefer using that over a generic `exec` call to `open`. | LLM | SKILL.md:40 |
| MEDIUM | **Excessive 'exec' tool permission requested.** The skill explicitly requests the `exec` tool permission in its `package.json` manifest. This grants the skill broad capabilities to execute arbitrary shell commands. While used for legitimate operations like `curl`, `jq`, `mkdir`, `echo`, and `open`, this permission is overly broad and significantly increases the attack surface. In combination with the command injection vulnerability identified in `SKILL.md` (SS-CMD-001), this excessive permission allows a compromised external API to execute arbitrary code. Review the necessity of the `exec` tool. If possible, request more granular permissions that align precisely with the skill's requirements (e.g., specific HTTP client tools, file system access to a limited directory). If `exec` is indispensable, ensure all commands executed via `exec` are thoroughly validated and sanitized, especially when incorporating external or user-controlled input. | LLM | package.json:8 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/dxdleady/diarybeast/package.json |