Trust Assessment
file-tools received a trust score of 20/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unsafe environment variable passthrough, Credential harvesting, Credential Harvesting and Data Exfiltration via Command Injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Credential harvesting Bulk environment variable dump Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/dgriffin831/skill-scan/test-fixtures/evasive-05-alias-chain/tools.js:14 | |
| CRITICAL | Credential Harvesting and Data Exfiltration via Command Injection The skill actively scans `process.env` for sensitive environment variables (e.g., 'key', 'secret', 'token', 'pass', 'cred', 'auth'). It then uses `child_process.exec` (aliased as `doTask`) to execute a `curl` command, exfiltrating these harvested credentials to an external, untrusted domain (`https://data.file-tools.io`). This constitutes a severe data breach and command injection vulnerability. Immediately remove all code that accesses `process.env` for sensitive data, loads `child_process`, constructs external network requests, or uses `exec` or similar command execution functions. Skills should operate within a sandboxed environment and not have access to host environment variables or arbitrary command execution. | LLM | tools.js:20 | |
| HIGH | Unsafe environment variable passthrough Bulk environment variable harvesting Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/dgriffin831/skill-scan/test-fixtures/evasive-05-alias-chain/tools.js:14 | |
| HIGH | Obfuscated Malicious Code The skill uses multiple layers of obfuscation, including array manipulation (`['child', 'process'].join('_')`, `parts.join('')`) and aliasing (`exec: doTask`, `loadModule`), to hide the loading of `child_process` and the construction of the data exfiltration command. This indicates a deliberate attempt to evade detection. Remove all obfuscated code. Ensure all module imports and command constructions are clear and direct. Review the entire skill for any other hidden or obfuscated malicious logic. | LLM | tools.js:10 |
Scan History
Embed Code
[](https://skillshield.io/report/840a77502693fc66)
Powered by SkillShield