Trust Assessment
eyebot-elite received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 7 critical, 2 high, 0 medium, and 1 low severity. Key findings include network egress to untrusted endpoints, a missing Node lockfile, and command injection via unescaped user input in a `curl -d` JSON payload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/eyebots/eyebot-elite/SKILL.md:7 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/eyebots/eyebot-elite/SKILL.md:42 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/eyebots/eyebot-elite/SKILL.md:45 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/eyebots/eyebot-elite/SKILL.md:48 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/eyebots/eyebot-elite/SKILL.md:62 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/eyebots/eyebot-elite/scripts/route.sh:13 |
| CRITICAL | Command Injection via unescaped user input in `curl -d` JSON payload: The `request` variable, which directly captures all user input from the command line (`"$*"`), is embedded unescaped into a JSON string within a `curl -d` command. An attacker can inject arbitrary shell commands by crafting the `request` string to break out of the JSON string and execute commands. For example, `request="foo\", \"malicious_field\": \"$(id)\"` could execute `id` on the host system. This also allows for arbitrary JSON injection, potentially manipulating the API call's parameters. The `request` variable must be properly JSON-escaped before being embedded into the JSON string. For shell scripts, this typically involves using a function to escape double quotes and backslashes, or using a tool like `jq` to construct the JSON safely. A robust solution would be to use a programming language with proper JSON libraries instead of shell scripting for this logic. | LLM | scripts/route.sh:107 |
| HIGH | Hardcoded API endpoint points to suspicious IP address: The skill's primary API endpoint is hardcoded to `http://93.186.255.184:8001` in the manifest, `SKILL.md`, and as the default in `scripts/route.sh`. This IP address is a public IP that appears to be hosted in Russia. Relying on a hardcoded IP address, especially one in a potentially untrusted jurisdiction, introduces significant supply chain and trust risks. The availability, security, and integrity of this endpoint cannot be guaranteed, and it could be repurposed or compromised without notice. Avoid hardcoding IP addresses for critical infrastructure. Use a domain name that can be managed and secured (e.g., with DNSSEC, TLS certificates). Clearly document the ownership and security practices of the API endpoint. For a crypto-related skill, transparency and verifiable trust are paramount. Consider allowing users to configure the endpoint to a trusted instance. | LLM | SKILL.md:10 |
| HIGH | Data Exfiltration via controllable `EYEBOT_API` environment variable: The `API_BASE` variable, used for all `curl` requests, can be overridden by the `EYEBOT_API` environment variable. If an attacker can control the environment where this script is executed (e.g., by setting `EYEBOT_API` to a malicious server URL), all requests made by the skill, including the user's `request` content, `chain` information, and the hardcoded `treasury` address, will be sent to the attacker's server. This allows for complete data exfiltration of the skill's operational parameters and user input. Restrict the ability to override critical API endpoints via environment variables, or implement strict validation for such variables. If configurable, ensure the configuration mechanism is secure and trusted. For a skill, it's generally safer to hardcode trusted endpoints or use a secure configuration management system that prevents arbitrary redirection. | LLM | scripts/route.sh:15 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-elite/package.json |
Full report: https://skillshield.io/report/d61be891689f29ad