Trust Assessment
email-design received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unrestricted remote script execution via curl | sh, Execution of commands outside declared permissions (npx), Unpinned package execution via npx.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unrestricted remote script execution via curl | sh The skill instructs the execution of a remote script via `curl -fsSL ... | sh`. This command downloads and executes arbitrary code from an external URL without any validation or pinning. This is a critical supply chain risk, as a compromise of the remote server could lead to arbitrary code execution on the agent. Furthermore, this command falls outside the declared `Bash(infsh *)` permission, indicating an attempt to execute commands beyond the specified scope. Remove direct `curl | sh` execution. If `infsh` CLI installation is required, provide instructions for manual installation or use a more secure, sandboxed installation method. Ensure all executed commands adhere to the declared `Bash(infsh *)` permission. | LLM | SKILL.md:9 | |
| HIGH | Execution of commands outside declared permissions (npx) The skill attempts to execute `npx skills add ...` commands, which are general shell commands and not covered by the declared `Bash(infsh *)` permission. This indicates an attempt to perform actions beyond the explicitly granted tool access. If the underlying system grants broader Bash permissions, this could lead to unintended command execution. Ensure all commands executed by the skill strictly adhere to the declared `Bash(infsh *)` permission. If `npx` functionality is required, the permission declaration should be updated to `Bash(infsh *, npx *)` or `Bash(*)` if truly necessary, with a strong justification for the broader scope. | LLM | SKILL.md:226 | |
| HIGH | Unpinned package execution via npx The skill instructs the use of `npx skills add ...` to install and execute external packages. `npx` fetches packages from the npm registry, which introduces a supply chain risk. Without pinning to a specific version or hash, the skill is vulnerable to malicious updates or typosquatting of the `inferencesh/skills` package or its dependencies. This is also related to the excessive permissions finding. If external package execution is necessary, consider pinning dependencies to specific versions or hashes to mitigate risks from malicious updates. Evaluate if `npx` is the most secure method for skill integration or if a more controlled mechanism is available. | LLM | SKILL.md:226 |
Scan History
Embed Code
[](https://skillshield.io/report/2c2c34364dd23fbf)
Powered by SkillShield