Trust Assessment
discord-watcher received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 2 medium, and 1 low severity. Key findings include: sensitive environment variable access (`$DISCORD_TOKEN`), command injection via unvalidated extra arguments, and command injection via an unvalidated date period.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via unvalidated extra arguments.** The `update.sh` script directly passes user-supplied arguments collected in `EXTRA_ARGS` to the `DiscordChatExporter.Cli` executable without any sanitization or validation. An attacker controlling the input to `EXTRA_ARGS` can inject arbitrary arguments into the `DiscordChatExporter.Cli` command, potentially leading to unintended actions by the tool (e.g., overwriting files, or exfiltrating data if the tool supports it) or even arbitrary code execution if the tool has a vulnerability or a feature that can be abused (e.g., `--exec` or `--config` with a malicious file). Recommendation: implement strict validation and sanitization for all user-supplied arguments before passing them to external commands. Consider using a fixed allow-list of arguments or a more robust argument-parsing library that prevents injection. Alternatively, ensure that `DiscordChatExporter.Cli` is invoked with only explicitly defined and safe arguments. | LLM | update.sh:60 |
| HIGH | **Command Injection via unvalidated date period.** The `PERIOD` variable, which can be controlled by user input via the `--period` argument, is used directly within a `date -d "$PERIOD"` command. If `PERIOD` contains shell metacharacters (e.g., `"; rm -rf /"`), it could lead to arbitrary command execution on the host system. Recommendation: validate the `PERIOD` input to ensure it adheres to a strict date/time format and does not contain any shell metacharacters. Prefer a safer method for date parsing that does not involve direct shell execution of user-controlled strings, or escape the input properly. | LLM | update.sh:54 |
| MEDIUM | **Sensitive environment variable access: `$DISCORD_TOKEN`.** Access to the sensitive environment variable `$DISCORD_TOKEN` was detected in a shell context. Recommendation: verify that this environment variable access is necessary and that the value is not exfiltrated. | Static | skills/louis-br/discord-watcher/update.sh:8 |
| MEDIUM | **Unpinned external dependency (DiscordChatExporter.Cli).** The skill relies on an external executable, `DiscordChatExporter.Cli`, which is downloaded manually from GitHub releases. The installation instructions do not specify a particular version or provide a cryptographic hash for integrity verification. This means that future downloads could fetch a different or potentially malicious version if the upstream project is compromised or changes its release strategy, introducing a supply-chain risk. Recommendation: pin the dependency to a specific version (e.g., by specifying a full release URL with a version number) and provide a cryptographic hash (e.g., SHA-256) for integrity verification. Instruct users to verify the hash after download to ensure the executable has not been tampered with. | LLM | SKILL.md:15 |
| LOW | **Sensitive credential passed as command-line argument.** The `DISCORD_TOKEN` is passed as a command-line argument (`--token "$TOKEN"`) to `DiscordChatExporter.Cli`. On some operating systems, command-line arguments are visible to other users or processes via tools like `ps aux`, potentially exposing the token. While the script also supports reading from the `DISCORD_TOKEN` environment variable, the `--token` argument overrides it. Recommendation: prioritize environment variables for sensitive credentials. If a command-line argument is necessary, check whether `DiscordChatExporter.Cli` supports reading the token from standard input or a securely managed file, which are generally safer alternatives to command-line arguments. | LLM | update.sh:60 |
[SkillShield report](https://skillshield.io/report/4645ae9fa9042770)