Trust Assessment
enginemind-eft received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include: Command Injection via user-controlled Python executable path; Command Injection via user-controlled engine path affecting CWD and Python path; and Excessive File System Permissions via user-controlled log path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via user-controlled Python executable path.** The `pythonPath` variable, which is derived from user-configurable plugin settings (`api.pluginConfig.pythonPath`), is used directly as the executable in a `child_process.spawn` call. An attacker who can control this configuration value could specify an arbitrary executable, leading to arbitrary command execution on the host system. Strictly validate or sanitize the `cfg.pythonPath` configuration to ensure it only points to a trusted Python interpreter. Consider using a fixed, known Python executable path or enforcing a virtual environment path that cannot be altered by users. | LLM | plugin/index.ts:40 |
| HIGH | **Command Injection via user-controlled engine path affecting CWD and Python path.** The `enginePath` variable, derived from user-configurable plugin settings (`api.pluginConfig.enginePath`), determines the current working directory (`cwd`) for the spawned Python process. This `cwd` is then explicitly added to the Python system path (`sys.path.insert(0, r"${cwd}")`). An attacker controlling `cfg.enginePath` could point to a directory containing a malicious `emotion_engine.py` or `consciousness_rs` module, which would then be imported and executed by the spawned Python process, leading to arbitrary code execution. Strictly validate or sanitize the `cfg.enginePath` configuration to ensure it points only to a trusted and expected location. Avoid adding arbitrary user-controlled paths to the Python system path. | LLM | plugin/index.ts:29 |
| HIGH | **Excessive File System Permissions via user-controlled log path.** The `logPath` variable, derived from user-configurable plugin settings (`api.pluginConfig.logPath`), is used for both reading (`fs.readFileSync`) and writing (`fs.appendFileSync`) log files. An attacker controlling this path could specify an arbitrary file on the system, allowing them to read sensitive files (e.g., `/etc/passwd`, credential files) or write arbitrary JSON data to any file, potentially overwriting critical system files or exfiltrating data to publicly accessible locations. Strictly validate or sanitize the `cfg.logPath` configuration to ensure it points only to a designated, secure logging directory. Implement checks to prevent writing or reading outside this directory. | LLM | plugin/index.ts:70 |
| MEDIUM | **Data Exfiltration via exposure of all environment variables to spawned process.** The `child_process.spawn` call passes all environment variables of the parent Node.js process to the spawned Python process using `env: { ...process.env, ... }`. If the parent process contains sensitive environment variables (e.g., API keys, database credentials), these could be exposed to the Python script. While the Python script itself is controlled by the skill developer, this becomes a significant data exfiltration risk if the Python process is compromised through other vulnerabilities (e.g., command injection via `pythonPath` or `enginePath`). Explicitly define and whitelist only the necessary environment variables to be passed to the spawned process, rather than copying all of `process.env`. This minimizes the attack surface in case of a command injection vulnerability. | LLM | plugin/index.ts:40 |