Trust Assessment
eyebot-cronbot received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 1 medium, and 2 low severity. Key findings include Node lockfile missing, Remote Command Injection via API Endpoint, User input sent to configurable external API.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Remote Command Injection via API Endpoint: The `scripts/cronbot.sh` script constructs a JSON payload where user-supplied arguments (`$*`) are directly inserted into the `request` field. This payload is then sent to an external API endpoint (defined by `EYEBOT_API`) with `"mode":"exec"`. This strongly indicates that the remote server is intended to execute the content of the `request` field. An attacker controlling the input to the `eyebot cronbot` command could potentially execute arbitrary commands on the remote server if the `EYEBOT_API` endpoint does not properly sanitize or sandbox the `request` field. While this is not a local shell injection in the `cronbot.sh` script itself, it represents a significant remote command execution vulnerability. The remote API endpoint receiving these requests must implement robust input validation, sanitization, and sandboxing for the `request` field, especially given the `"mode":"exec"` flag. If arbitrary command execution is intended, it must be performed within a highly restricted and isolated environment. The client script should also clearly document this behavior and warn users about the risks of providing untrusted input. | LLM | scripts/cronbot.sh:15 |
| MEDIUM | User input sent to configurable external API: The script sends user-provided commands (which could contain sensitive information or PII if the user inputs it) to an external API endpoint configured via the `EYEBOT_API` environment variable. If the `EYEBOT_API` endpoint is compromised, misconfigured, or points to an untrusted third-party service, any data sent via the `request` field could be exfiltrated. Ensure that the `EYEBOT_API` environment variable always points to a trusted, secure, and properly managed API endpoint. Implement strict access controls, encryption in transit, and comprehensive logging on the API server to monitor data access. Users should be advised against including sensitive information in commands. | LLM | scripts/cronbot.sh:16 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-cronbot/package.json |
| LOW | API endpoint configured via environment variable: The script retrieves the `EYEBOT_API` endpoint from an environment variable. If this variable were to contain sensitive credentials (e.g., an API key embedded in the URL, or a URL that is itself sensitive), there is a risk of exposure through process listings, logs, or an environment that is not properly secured. While the script itself does not harvest credentials, it relies on the secure handling of this environment variable. Avoid embedding credentials directly into URLs or environment variables where possible, and use a dedicated secret management system. If environment variables are necessary, ensure they are protected by strict access controls in the execution environment. Ensure `EYEBOT_API` only contains the base URL and not any authentication tokens or keys. | LLM | scripts/cronbot.sh:4 |
Powered by SkillShield