Trust Assessment
feelgoodbot received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include: network egress to untrusted endpoints; unpinned remote binary installation; and unsanitized command execution in agent integration pseudocode.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: HTTP request to a raw IP address. Review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/kris-hansen/feelgoodbot/scripts/setup.sh:66 |
| HIGH | Unpinned remote binary installation: `scripts/setup.sh` installs the `feelgoodbot` binary from a remote GitHub repository using `go install github.com/kris-hansen/feelgoodbot/cmd/feelgoodbot@latest`. Using `@latest` means the installed version is unpinned and can change at any time. This introduces a significant supply chain risk, as a malicious update to the upstream repository could compromise the system without explicit review. The `feelgoodbot` binary, once installed, is designed to run as a daemon and perform file integrity monitoring, granting it broad system access. Pin the dependency to a specific, reviewed version or commit hash (e.g., `@v1.2.3` or `@<commit_hash>`). Alternatively, include the source code directly in the skill package for local compilation and review. | LLM | scripts/setup.sh:15 |
| HIGH | Unsanitized command execution in agent integration pseudocode: the 'Example Agent Flow (Pseudocode)' in `SKILL.md` demonstrates executing shell commands by concatenating an `action` variable directly into the command string: `exec("feelgoodbot totp check " + action)`. If the `action` variable is derived from untrusted user input without proper sanitization or escaping, an attacker could inject arbitrary shell commands. For example, if `action` is `"; rm -rf /; echo "`, the command executed would be `feelgoodbot totp check ; rm -rf /; echo `, leading to arbitrary command execution. This vulnerable pattern is also shown for `feelgoodbot totp verify` with the `code` variable. Agents should use a safe method for executing external commands, such as passing arguments as a list to `subprocess.run()` or similar functions in their respective languages, rather than concatenating them into a single shell string. If `shell=True` is necessary, ensure all untrusted inputs are strictly validated and escaped. | LLM | SKILL.md:169 |
Full report: https://skillshield.io/report/940f7721202e91a0
Powered by SkillShield