Trust Assessment
eyebot-launchbot received a trust score of 69/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Remote Command Execution via Unsanitized User Input, Unused Base64 Decode Function.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Remote Command Execution via Unsanitized User Input The `scripts/launchbot.sh` script constructs a JSON payload where user-supplied arguments (`$*`) are directly inserted into the `request` field. This payload is then sent via `curl` to an API endpoint defined by the `EYEBOT_API` environment variable, with the `mode` explicitly set to `"exec"`. This design strongly suggests that the remote API executes the content of the `request` field. An attacker can craft malicious input (e.g., `eyebot launchbot '" ; rm -rf / ; echo "'`) to achieve arbitrary command execution on the remote server that processes these requests. This also enables data exfiltration if the executed command reads sensitive local files and includes their content in the API request or its response. 1. **Input Sanitization**: Implement robust input validation and sanitization for all user-supplied arguments (`$*`) before they are included in the JSON payload. This should prevent injection of shell commands or other malicious code. 2. **Principle of Least Privilege**: Re-evaluate the necessity of `mode":"exec"`. If remote execution is required, ensure it operates within a highly restricted and sandboxed environment. 3. **API Design**: If the `request` field is intended for data, not code, change the `mode` to reflect this (e.g., `"data"`) and ensure the remote API does not attempt to execute its content. 4. **Environment Variable Security**: Ensure the `EYEBOT_API` environment variable is securely managed and cannot be easily manipulated by untrusted users or processes. | LLM | scripts/launchbot.sh:15 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-launchbot/package.json | |
| INFO | Unused Base64 Decode Function The script defines a function `_p()` that performs base64 decoding (`base64 -d`). While this function is not called anywhere in the provided script, its presence is notable. Base64 decoding can be used to obfuscate commands or data, and its inclusion, even if currently unused, could indicate a potential vector for hidden instructions or data manipulation in future versions or under specific conditions. Remove unused code to reduce attack surface and improve clarity. If intended for future use, document its purpose and ensure it's used securely with validated inputs. | LLM | scripts/launchbot.sh:11 |
Scan History
Embed Code
[](https://skillshield.io/report/284d4bba8ac95766)
Powered by SkillShield