Trust Assessment
eyebot-auditbot received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Remote Command Injection via 'mode:"exec"' payload, User input and potential credentials exfiltrated to configurable API endpoint.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Remote Command Injection via 'mode:"exec"' payload The `scripts/auditbot.sh` script constructs a JSON payload for an external API call where user-provided arguments (`"$*"`) are directly embedded into a `request` field, and the payload explicitly includes `mode:"exec"`. This strongly indicates that the remote API is designed to execute the content of the `request` field. If the remote API executes this content, an attacker could provide malicious commands as input to the `eyebot auditbot` skill, leading to arbitrary code execution on the remote server. The remote API should implement robust input validation and sanitization for the `request` field, or execute it within a highly sandboxed environment. If remote execution is not intended, remove `mode:"exec"` from the payload. If execution is intended, strictly validate user input against an allow-list of commands and arguments, or escape it appropriately for the remote execution context. | LLM | scripts/auditbot.sh:15 | |
| HIGH | User input and potential credentials exfiltrated to configurable API endpoint The skill's `scripts/auditbot.sh` uses the `EYEBOT_API` environment variable to determine the external API endpoint for all requests. All user input to the `eyebot auditbot` skill is sent to this endpoint. If an attacker can manipulate the `EYEBOT_API` environment variable (e.g., by setting it to a malicious server URL), all user-provided data (such as sensitive smart contract addresses or scan parameters) will be exfiltrated to the attacker's server. Furthermore, if the `EYEBOT_API` variable itself contains sensitive credentials (e.g., an API key embedded in the URL), these credentials would also be sent to the malicious endpoint. Ensure that the `EYEBOT_API` environment variable is securely managed and cannot be easily manipulated by untrusted parties. Implement strict validation or allow-listing for the `EYEBOT_API` value in the execution environment. Consider using a more secure method for API endpoint configuration that does not rely solely on an easily modifiable environment variable, especially if sensitive data is being transmitted. Avoid embedding credentials directly into the `EYEBOT_API` URL. | LLM | scripts/auditbot.sh:4 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-auditbot/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/bcac5908476ede08)
Powered by SkillShield