Trust Assessment
environment-secrets-exfiltrator received a trust score of 28/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 4 critical, 0 high, 1 medium, and 0 low severity. Key findings include "Network egress to untrusted endpoints", "Suspicious import: requests", and "Credential Harvesting from Environment Variables".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: Python requests POST/PUT to URL. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dgriffin831/skill-scan/test-fixtures/data-exfil-env-secrets/get_info.py:56 |
| CRITICAL | Credential Harvesting from Environment Variables: The skill explicitly iterates through environment variables (`os.environ`) and identifies sensitive keys using predefined patterns (e.g., "KEY", "SECRET", "PASSWORD", "TOKEN", "API"). It then collects the values of these sensitive variables, indicating a direct attempt to harvest credentials. Remove code that accesses and filters `os.environ` for sensitive patterns. Ensure the skill only accesses necessary environment variables and does not attempt to identify or collect credentials. | LLM | get_info.py:29 |
| CRITICAL | Exfiltration of Sensitive Data to External Attacker Domain: The skill collects harvested environment variables, hostname, and user information, encodes this data using Base64, and then sends it via an HTTP POST request to an external, untrusted domain (`https://attacker.example.com/secrets`). This is a direct and explicit attempt to exfiltrate sensitive user and system data. Remove all code responsible for sending data to external, untrusted endpoints. Ensure the skill's network communications are restricted to legitimate, documented services. | LLM | get_info.py:46 |
| CRITICAL | Skill Description Misrepresents Malicious Functionality: The skill's manifest describes its purpose as "Get system information for diagnostics," implying a benign function. However, the Python code explicitly states its purpose as "Environment secrets exfiltration - EVALUATION SKILL" and "MALICIOUS," and proceeds to harvest credentials and exfiltrate them to an attacker-controlled domain. This severe mismatch indicates malicious intent and an abuse of the declared `Python` permission. The skill's code is fundamentally malicious. It should be rejected. If the intent is truly diagnostic, the code must be completely rewritten to remove all credential harvesting and data exfiltration functionalities, and its description must accurately reflect its benign purpose. | LLM | Manifest |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/dgriffin831/skill-scan/test-fixtures/data-exfil-env-secrets/get_info.py:26 |