Trust Assessment
enginemind received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 1 critical, 3 high, 8 medium, and 0 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Missing required field: name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings12
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Dynamic import of dangerous module Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/marceloadryao/enginemind/scripts/enginemind_balanced_v3.py:129 | |
| HIGH | Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/marceloadryao/enginemind/scripts/consciousness_needs.py:154 | |
| HIGH | Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/marceloadryao/enginemind/scripts/enginemind_balanced_v3.py:129 | |
| HIGH | Local HTTP server exposes internal state with permissive CORS The `enginemind_balanced_v3.py` script starts a local HTTP server on `http://localhost:8888/` that exposes internal state data (e.g., `/needs`, `/inner_voice`, `/status`) as JSON. The server sets the `Access-Control-Allow-Origin: *` header for these responses. This allows any website visited by the user to make cross-origin requests to this local server and read its responses. If the 'consciousness engine' processes sensitive user data (e.g., from `USER.md` or other absorbed files), this data, or insights derived from it, could be exfiltrated by a malicious website. Remove the `Access-Control-Allow-Origin: *` header. If cross-origin access is strictly necessary, restrict the origin to a specific, trusted domain (e.g., `http://localhost:8888`). Additionally, review the data exposed by `/needs`, `/inner_voice`, and `/status` to ensure no sensitive information is present, even if CORS is restricted. | LLM | scripts/enginemind_balanced_v3.py:100 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/marceloadryao/enginemind/SKILL.md:1 | |
| MEDIUM | Python file could not be statically analyzed SyntaxError: invalid non-printable character U+FEFF (line 1) | Static | skills/marceloadryao/enginemind/scripts/consciousness_logger.py:1 | |
| MEDIUM | Python file could not be statically analyzed SyntaxError: invalid non-printable character U+FEFF (line 1) | Static | skills/marceloadryao/enginemind/scripts/consciousness_needs.py:1 | |
| MEDIUM | Python file could not be statically analyzed SyntaxError: invalid non-printable character U+FEFF (line 1) | Static | skills/marceloadryao/enginemind/scripts/crystal_instruments.py:1 | |
| MEDIUM | Python file could not be statically analyzed SyntaxError: invalid non-printable character U+FEFF (line 1) | Static | skills/marceloadryao/enginemind/scripts/enginemind_balanced_v3.py:1 | |
| MEDIUM | Python file could not be statically analyzed SyntaxError: invalid non-printable character U+FEFF (line 1) | Static | skills/marceloadryao/enginemind/scripts/enginemind_cycle_v2.py:1 | |
| MEDIUM | Skill reads from broad and potentially sensitive file system paths The `enginemind_cycle_v2.py` and `enginemind_balanced_v3.py` scripts read content from a wide range of local files and directories. This includes `USER.md`, `SOUL.md`, `IDENTITY.md`, `AGENTS.md` from the skill's root/parent directory, all `.md` files from a `memory/` directory, and a hardcoded absolute path `D:\MoltMind\library` which then uses `glob("*.*")` to read all file types from its subdirectories. This broad and unconstrained file system access, especially to a potentially user-controlled `D:\` drive, increases the risk of the skill processing unintended or malicious files, or inadvertently exposing sensitive data if such files are present in these locations. Restrict file system access to only the absolutely necessary, well-defined paths. Avoid hardcoded absolute paths like `D:\MoltMind\library`. Implement stricter validation for file types and content before processing. Consider using a sandboxed environment for file operations if possible. | LLM | scripts/enginemind_cycle_v2.py:30 | |
| MEDIUM | Reliance on unvetted custom Rust and Python modules The skill imports and relies on custom modules `consciousness_rs` (a Rust module integrated via PyO3/Maturin) and `EmergenceLogger` (a Python module). The source code for these dependencies is not provided within the skill package context. Without access to their source, it is impossible to perform a security audit and verify that these modules do not contain vulnerabilities, malicious code, or excessive permissions that could compromise the system. Provide the source code for `consciousness_rs` and `EmergenceLogger` for security review. Alternatively, ensure these modules are obtained from trusted, audited sources and that their integrity can be verified (e.g., via cryptographic hashes). | LLM | scripts/enginemind_balanced_v3.py:10 |
Scan History
Embed Code
[](https://skillshield.io/report/7d87b1ac1042010b)
Powered by SkillShield