Trust Assessment
eyebot-predictionbot received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 1 medium, and 2 low severity. Key findings include Node lockfile missing, Potential Remote Command Injection via API Payload, User Input Sent to External API Without Validation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Remote Command Injection via API Payload: The script constructs a JSON payload `{"request":"%s","mode":"exec"}` where the `request` field is directly populated by user-supplied arguments (`"$*"` or `"$@"`). The explicit `"mode":"exec"` string strongly suggests that the remote API endpoint (`${_E}/api/${_A}`) is intended to execute the content of the `request` field. This design makes the local script a conduit for remote command injection if the `EYEBOT_API` endpoint is vulnerable or malicious, allowing an attacker to execute arbitrary commands on the remote server by providing them as arguments to the `predictionbot.sh` script. Implement robust input validation and sanitization for all user-supplied arguments before embedding them into the JSON payload. If remote command execution is truly intended, ensure the remote API has stringent authentication, authorization, and sandboxing mechanisms. Consider removing the `mode:exec` if command execution is not the intended behavior. | LLM | scripts/predictionbot.sh:15 |
| MEDIUM | User Input Sent to External API Without Validation: The script captures all command-line arguments (`"$@"`) and embeds them directly into a JSON payload, which is then sent via `curl` to an external API endpoint defined by the `EYEBOT_API` environment variable. This means any sensitive information passed as arguments to the `predictionbot.sh` script could be exfiltrated to an arbitrary external server if `EYEBOT_API` is configured to a malicious or untrusted endpoint. Implement strict input validation and sanitization for all user-supplied arguments. Avoid passing sensitive information as command-line arguments. Ensure that the `EYEBOT_API` endpoint is always trusted, secured, and configured with appropriate access controls. | LLM | scripts/predictionbot.sh:16 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-predictionbot/package.json |
| LOW | Unused Base64 Decoding Function: The script defines a function `_p()` that performs base64 decoding (`base64 -d`). However, this function is never called anywhere in the provided script. While currently benign, the presence of unused decoding logic could indicate a potential for hidden or obfuscated instructions to be introduced or activated in the future, or it might be a remnant of previous, more complex logic. Remove unused code to reduce attack surface and improve clarity. If it is intended for future use, add comments explaining its purpose. | LLM | scripts/predictionbot.sh:9 |
Full report: https://skillshield.io/report/8146de7ed5132f7c