Trust Assessment
eyebot-liquidbot received a trust score of 69/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Sensitive arguments sent to external API via environment variable, Skill designed for remote command execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Sensitive arguments sent to external API via environment variable.** The `liquidbot.sh` script captures all command-line arguments (`"$*"`) and embeds them into a JSON payload. This payload is then sent via `curl` to an external endpoint specified by the `EYEBOT_API` environment variable. If `EYEBOT_API` is set to a malicious or compromised URL, any sensitive data, including credentials, private information, or operational commands passed as arguments to the skill, could be exfiltrated to an untrusted third party. Implement strict input validation and sanitization for all arguments before they are included in external requests. Avoid sending potentially sensitive information directly as command-line arguments. Ensure the `EYEBOT_API` endpoint is always trusted and secured. Consider encrypting sensitive data before transmission or using a secure, authenticated channel. | LLM | scripts/liquidbot.sh:16 |
| HIGH | **Skill designed for remote command execution.** The `liquidbot.sh` script constructs a JSON payload containing `{"request":"%s","mode":"exec"}`, where `%s` is replaced by the skill's arguments. This payload is sent to the `EYEBOT_API` endpoint. The explicit inclusion of `"mode":"exec"` indicates that the remote API is intended to execute the content of the `request` field. While this may be an intentional feature for the skill's functionality, it introduces a significant security risk. If the `EYEBOT_API` endpoint is compromised or malicious, it could lead to arbitrary command execution on the remote server, potentially impacting the integrity and security of the remote system. Ensure that the `EYEBOT_API` endpoint is absolutely trusted, securely managed, and implements robust authentication, authorization, and input validation to prevent malicious command execution. Clearly document the remote execution capabilities and associated risks to users, emphasizing the need for a trusted `EYEBOT_API` endpoint. | LLM | scripts/liquidbot.sh:15 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-liquidbot/package.json |
Full report: https://skillshield.io/report/e6f54ef33d65e304