Trust Assessment
eyebot-bridgebot received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Remote Command Injection via API Request, Potential Data Exfiltration via Uncontrolled API Endpoint.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Remote Command Injection via API Request: The `scripts/bridgebot.sh` script constructs a JSON payload where the `request` field is directly populated by unsanitized user input (`"$*"`). This payload is then sent to an external API endpoint (`${_E}/api/${_A}`) with `"mode":"exec"`. If the backend API processes this `request` field as a command to be executed, a malicious user could inject arbitrary commands by crafting specific input to the `eyebot bridgebot` skill. The `"mode":"exec"` explicitly indicates an execution context, making this a high-risk vulnerability. Recommendation: Implement robust input validation and sanitization on both the client-side (the shell script) and the server-side (the API endpoint). Avoid directly embedding unsanitized user input into command strings or execution contexts. If execution is intended, use a whitelist of allowed commands and parameters, and strictly separate commands from their arguments. Consider using a more secure method for inter-process communication than embedding commands in JSON for remote execution. | LLM | scripts/bridgebot.sh:14 |
| HIGH | Potential Data Exfiltration via Uncontrolled API Endpoint: The script sends user-provided arguments (which can include sensitive transaction details like asset types, amounts, and chain information) to an API endpoint defined by the `EYEBOT_API` environment variable. If `EYEBOT_API` is not securely controlled or can be manipulated by an attacker (e.g., through environment variable injection), an attacker could redirect this data to an arbitrary server, leading to the exfiltration of user transaction details. Recommendation: Ensure that the `EYEBOT_API` environment variable is set to a trusted, immutable endpoint in a secure environment. Prevent any possibility of user or attacker manipulation of this environment variable. If the skill is intended to be configurable by users, implement strict validation of the API endpoint URL to ensure it points only to approved services. | LLM | scripts/bridgebot.sh:5 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Recommendation: Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-bridgebot/package.json |