Trust Assessment
eyebot-yieldbot received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Remote Command Injection via User Input, and Data Exfiltration to External API.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Remote Command Injection via User Input: The `yieldbot.sh` script directly embeds user-provided arguments (`$*` and `$@`) into a JSON payload's 'request' field, which is then sent to a remote API endpoint. The `"mode":"exec"` in the payload strongly indicates that the remote API is designed to execute the content of the 'request' field. This allows an attacker to inject arbitrary commands that will be executed on the remote server by crafting malicious input. Remediation: Implement robust input sanitization and validation for all user-provided arguments before they are included in the JSON payload. The remote API should not directly execute arbitrary strings from the 'request' field. Instead, it should expose specific, parameterized functions or use a command whitelist. If execution is necessary, ensure proper escaping for the target execution environment. | LLM | scripts/yieldbot.sh:15 |
| HIGH | Data Exfiltration to External API: The script sends user input and potentially other data (e.g., the value of `EYEBOT_API` if it contains sensitive information) to an external API endpoint defined by the `EYEBOT_API` environment variable. If this API endpoint is compromised or controlled by an attacker, any data sent to it, including user commands and potentially sensitive environment variables, could be exfiltrated. Remediation: Ensure that the `EYEBOT_API` endpoint is trusted, secure, and has strict access controls. Minimize the amount of sensitive information included in requests. Implement comprehensive logging and monitoring on the API side to detect unusual activity. | LLM | scripts/yieldbot.sh:17 |
| LOW | Node lockfile missing: `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`). Remediation: Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eyebots/eyebot-yieldbot/package.json |
| INFO | Unused Base64 Decoding Function: The script defines a function `_p` that performs base64 decoding, but this function is not called anywhere within the provided script. While not directly malicious in its current state, the presence of unused obfuscation/de-obfuscation utilities can be a suspicious indicator for hidden or future functionality that might be used to conceal malicious code. Remediation: Remove unused code to improve clarity and reduce potential attack surface. If the function is intended for future use, add comments explaining its purpose and why it's currently unused. | LLM | scripts/yieldbot.sh:9 |