Trust Assessment
find-skills received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via `npx skills find` query, Potential Command Injection via `npx skills add` package name, Arbitrary Code Execution via Unvetted Skill Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary Code Execution via Unvetted Skill Installation | LLM | SKILL.md:70 |
| HIGH | Potential Command Injection via `npx skills find` query | LLM | SKILL.md:48 |
| HIGH | Potential Command Injection via `npx skills add` package name | LLM | SKILL.md:70 |

**Arbitrary Code Execution via Unvetted Skill Installation** (CRITICAL, LLM layer, SKILL.md:70)
The skill explicitly instructs the agent to install arbitrary packages from GitHub using `npx skills add <owner/repo@skill> -g -y`. This introduces a significant supply chain risk, as the agent is directed to download and execute code from potentially untrusted third-party sources without explicit vetting. The `-g` flag further exacerbates this by installing packages globally, granting excessive permissions and potentially affecting the entire system or user environment. A malicious skill package could execute arbitrary code, compromise the system, or exfiltrate data.
Recommendations:
1. **Restrict Sources**: Limit skill installations to a curated, trusted registry or a predefined list of approved repositories.
2. **Code Review/Scanning**: Implement automated security scanning or manual code review for all skills before installation.
3. **Least Privilege**: Avoid global installations (`-g`) unless absolutely necessary. Prefer isolated environments or user-level installations.
4. **User Confirmation**: Require explicit user confirmation for any skill installation, especially for those from external sources.
5. **Sandboxing**: Execute skill installation and execution within a sandboxed environment to limit potential damage.

**Potential Command Injection via `npx skills find` query** (HIGH, LLM layer, SKILL.md:48)
The skill explicitly instructs the agent to execute `npx skills find [query]`, where `[query]` is derived directly from user input. Without robust input sanitization of the `[query]` parameter before command construction and execution, a malicious user could inject arbitrary shell commands, leading to remote code execution in the agent's environment.
Recommendation: Implement robust input sanitization and validation for all user-provided input (`[query]`) before constructing and executing shell commands. Consider using a safe command execution library that prevents shell injection.

**Potential Command Injection via `npx skills add` package name** (HIGH, LLM layer, SKILL.md:70)
The skill explicitly instructs the agent to execute `npx skills add <owner/repo@skill>`, where `<owner/repo@skill>` is derived from user selection (which originates from user search queries). Without robust input sanitization of the package identifier before command construction and execution, a malicious user could inject arbitrary shell commands, leading to remote code execution.
Recommendation: Implement robust input sanitization and validation for the `<owner/repo@skill>` parameter before constructing and executing shell commands. Ensure that only valid package identifiers are allowed.