Trust Assessment
eyebot-tradebot received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 0 medium, and 1 low severity. Key findings include: Node lockfile missing; Unquoted environment variable in curl command leads to shell injection; User input sent to external, configurable API endpoint.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unquoted environment variable in curl command leads to shell injection. The `EYEBOT_API` environment variable is used to construct the URL for `curl` requests. Although `_E` (which holds `EYEBOT_API`) appears within double quotes in the `curl` command, the variable itself is not explicitly quoted or sanitized for shell metacharacters, so an attacker can inject arbitrary shell commands. If `EYEBOT_API` contains characters like `;`, `$(...)`, or `` ` ``, these will be interpreted by the shell, leading to arbitrary local command execution. Ensure `EYEBOT_API` is strictly validated to contain only a valid URL or is properly shell-quoted (e.g., using `printf %q`) before being used in a command. Alternatively, use a `curl` option that explicitly separates the URL from other arguments, or pass the URL as a separate argument to `curl` after validation. | LLM | scripts/tradebot.sh:18 |
| HIGH | User input sent to external, configurable API endpoint. All arguments passed to the `tradebot.sh` script (representing user commands and data such as token amounts, prices, etc.) are encapsulated in a JSON payload and sent via `curl` to an API endpoint defined by the `EYEBOT_API` environment variable. If `EYEBOT_API` is configured to point to an untrusted or malicious server, all user-provided data will be exfiltrated to that server. Implement strict validation and whitelisting for the `EYEBOT_API` endpoint to ensure data is only sent to trusted services. Inform users clearly about data transmission to external services. Consider encrypting sensitive data before transmission or using a trusted proxy. | LLM | scripts/tradebot.sh:18 |
| HIGH | `EYEBOT_API` environment variable, potentially containing credentials, is sent to external endpoint. The script uses the `EYEBOT_API` environment variable to construct the target URL for API calls. If `EYEBOT_API` contains sensitive information such as an API key, token, or other credentials embedded in the URL, and an attacker can control this variable (e.g., through a compromised environment or misconfiguration), these credentials will be sent to an arbitrary external server, leading to credential harvesting. Avoid embedding credentials directly in URLs. If `EYEBOT_API` is intended to be a secret, it should be handled securely (e.g., passed in headers, encrypted, or managed by a secure vault). Implement strict validation and whitelisting for the `EYEBOT_API` endpoint. | LLM | scripts/tradebot.sh:18 |
| LOW | Node lockfile missing. package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-tradebot/package.json |
Full report: https://skillshield.io/report/57e6e8f7f344c2c5