Trust Assessment
featurebase received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include Sensitive path access: AI agent config, Sensitive environment variable access: $HOME, Command Injection via Unsanitized URL Parameters.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/rdewolff/featurebase/SKILL.md:12 | |
| HIGH | Command Injection via Unsanitized URL Parameters The `cmd_posts` function constructs URL query parameters by directly concatenating user-provided arguments (e.g., `--board`, `--status`, `--sort`, `--search`) into the `params` variable. If these arguments contain shell metacharacters (e.g., `$(command)`, backticks), the shell will execute them before passing the full URL to `curl`. This allows an attacker to execute arbitrary shell commands on the system where the skill is run. Sanitize user input before constructing URL parameters. Escape or disallow shell metacharacters. Ensure that all user-provided values are properly URL-encoded before being included in the URL string. For example, use `printf %q` for shell arguments or strictly validate input against expected patterns (e.g., UUIDs for IDs, enum values for status/sort). | LLM | scripts/featurebase.sh:70 | |
| HIGH | Command Injection via Unsanitized JSON Payload Content The `cmd_conversations reply` function constructs a JSON payload where the `--content` argument is directly inserted into the `bodyMarkdown` field. If the `$content` variable contains shell metacharacters (e.g., `$(command)`), the shell will execute these commands before passing the JSON string to `curl -d`. This allows an attacker to execute arbitrary shell commands on the system where the skill is run. Sanitize user input before embedding it into JSON strings. Escape or disallow shell metacharacters. For JSON values, ensure proper JSON escaping of special characters like `"` and `\`. A robust solution would be to use a JSON library that handles escaping automatically, or at minimum, manually escape `"` and `\` characters in `$content` before embedding it. | LLM | scripts/featurebase.sh:136 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/rdewolff/featurebase/scripts/featurebase.sh:9 |
Scan History
Embed Code
[](https://skillshield.io/report/d23dc5981ac20998)
Powered by SkillShield