Trust Assessment
eyebot-tokenforge received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Potential Command Injection via API Request, Data Exfiltration via Configurable API Endpoint.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via API Request The skill constructs a JSON payload where the 'request' field directly embeds all user-provided arguments (`"$*"`). This payload is then sent to an external API endpoint (`${_E}/api/${_A}`) with `"mode":"exec"`. If the backend API directly executes the content of the 'request' field, an attacker could inject arbitrary commands by crafting malicious input arguments. For example, an argument like `--name "MyToken"; rm -rf /; #` could lead to remote code execution on the backend server. The backend API should never directly execute arbitrary strings received in the 'request' field. Instead, it must parse the request, validate all parameters, and call specific, pre-defined functions or commands with strictly sanitized arguments. Implement a robust input validation and whitelisting mechanism on the backend to prevent command injection. | LLM | scripts/tokenforge.sh:15 | |
| HIGH | Data Exfiltration via Configurable API Endpoint The skill uses the `EYEBOT_API` environment variable to determine the target URL for its `curl` requests. If an attacker can control or influence this environment variable, they can redirect all skill-generated API requests, including user-provided arguments (which may contain sensitive data), to an arbitrary server under their control. This allows for data exfiltration of any information passed to the skill. The `EYEBOT_API` endpoint should be hardcoded to a trusted domain or validated against a strict whitelist of approved URLs. If configurability is necessary, ensure that the environment variable is protected from user influence and that its value is rigorously validated before use. | LLM | scripts/tokenforge.sh:4 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-tokenforge/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/2f34b017dd809e5a)
Powered by SkillShield