Trust Assessment
etf-assistant received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 7 critical, 0 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Remote code execution: curl/wget pipe to shell, Unsanitized user input in curl command leads to command injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution: remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/franky0617/etf-assistant/etf-assistant.sh:195 |
| CRITICAL | Arbitrary command execution: remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/franky0617/etf-assistant/etf-assistant.sh:204 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/franky0617/etf-assistant/etf-assistant.sh:195 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/franky0617/etf-assistant/etf-assistant.sh:204 |
| CRITICAL | Unsanitized user input in curl command leads to command injection. The `code` parameter, which is user-controlled input, is directly interpolated into the URL string within `curl` commands in the `cmd_price` and `cmd_compare` functions. An attacker can inject shell metacharacters like `$(command)` or `"; command; echo "` to execute arbitrary commands on the host system. This allows for full command injection, potentially leading to data exfiltration, credential harvesting, or system compromise. Recommendation: implement strict input validation for the `code` parameter to ensure it only contains expected characters (e.g., digits). For example, add `if ! [[ "$code" =~ ^[0-9]+$ ]]; then echo -e "${RED}❌ Invalid ETF code format.${NC}"; return 1; fi` at the beginning of functions that use `code`. If non-numeric characters are expected in the future, the input must be URL-encoded before being used in the `curl` command to prevent shell interpretation. | LLM | etf-assistant.sh:50 |
| CRITICAL | Unsanitized user input in curl command leads to command injection. The `code1` and `code2` parameters, which are user-controlled input, are directly interpolated into the URL string within `curl` commands in the `cmd_compare` function. An attacker can inject shell metacharacters like `$(command)` or `"; command; echo "` to execute arbitrary commands on the host system. This allows for full command injection, potentially leading to data exfiltration, credential harvesting, or system compromise. Recommendation: implement strict input validation for the `code1` and `code2` parameters to ensure they only contain expected characters (e.g., digits). For example, add `if ! [[ "$code1" =~ ^[0-9]+$ ]]; then echo -e "${RED}❌ Invalid ETF code1 format.${NC}"; return 1; fi` and similar for `code2`. If non-numeric characters are expected in the future, the input must be URL-encoded before being used in the `curl` command to prevent shell interpretation. | LLM | etf-assistant.sh:130 |
| CRITICAL | Unsanitized user input in curl command leads to command injection. The `code1` and `code2` parameters, which are user-controlled input, are directly interpolated into the URL string within `curl` commands in the `cmd_compare` function. An attacker can inject shell metacharacters like `$(command)` or `"; command; echo "` to execute arbitrary commands on the host system. This allows for full command injection, potentially leading to data exfiltration, credential harvesting, or system compromise. Recommendation: implement strict input validation for the `code1` and `code2` parameters to ensure they only contain expected characters (e.g., digits). For example, add `if ! [[ "$code1" =~ ^[0-9]+$ ]]; then echo -e "${RED}❌ Invalid ETF code1 format.${NC}"; return 1; fi` and similar for `code2`. If non-numeric characters are expected in the future, the input must be URL-encoded before being used in the `curl` command to prevent shell interpretation. | LLM | etf-assistant.sh:140 |
Full report: https://skillshield.io/report/3586e72eda727a2c