Trust Assessment
eyebot-lightningbot received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include Node lockfile missing, Remote Command Injection via unsanitized user input, Potential Data Exfiltration via configurable API endpoint.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Remote Command Injection via unsanitized user input The `scripts/lightningbot.sh` script constructs a JSON payload where user-provided arguments (`$*`) are directly embedded into the `request` field. This payload is then sent to a remote API endpoint (`$_E/api/lightningbot`) with `mode: "exec"`. This strongly indicates that the remote endpoint is designed to execute the content of the `request` field. An attacker can inject arbitrary commands by providing malicious input to the `eyebot lightningbot` skill, leading to remote code execution on the server hosting the `EYEBOT_API`. Implement robust input sanitization and validation for all user-provided arguments before embedding them into the JSON payload. The remote API should also strictly validate and sanitize inputs, and ideally, not execute arbitrary commands based on user input. If execution is necessary, use a whitelist of allowed commands and arguments, or a secure sandboxed environment. Avoid `mode: "exec"` with unsanitized user input. | LLM | scripts/lightningbot.sh:15 | |
| HIGH | Potential Data Exfiltration via configurable API endpoint The script sends all user input and skill commands to a remote API endpoint defined by the `EYEBOT_API` environment variable. If an attacker can control this environment variable (e.g., through a compromised environment or by tricking the user into setting it), they can redirect all data processed by the `lightningbot` skill, including sensitive payment details or commands, to an arbitrary attacker-controlled server. Restrict the `EYEBOT_API` endpoint to a trusted, immutable value within the skill's deployment environment. Do not allow it to be easily overridden by untrusted sources. If configuration is necessary, ensure it's done securely and validated. Implement strict access controls and authentication for the API endpoint. | LLM | scripts/lightningbot.sh:4 | |
| MEDIUM | Potential Prompt Injection if remote API is an LLM The skill forwards all user input directly to a remote API endpoint (`$_E/api/lightningbot`) without sanitization. If this remote API endpoint is an LLM or acts as a proxy to one, an attacker could craft malicious input to manipulate the LLM's behavior, extract sensitive information, or induce unintended actions. The `mode: "exec"` suggests a command execution endpoint, but the possibility of an LLM interpreting and then executing commands makes this a potential vector. Implement strict input validation and sanitization before sending user input to any remote API, especially if it might interact with an LLM. Use allow-lists for expected commands and parameters. Ensure the remote API is hardened against prompt injection and only processes inputs as intended. | LLM | scripts/lightningbot.sh:15 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-lightningbot/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/f9e529464ae611ac)
Powered by SkillShield