Trust Assessment
find-skills received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection in 'npx skills find', Potential Command Injection in 'npx skills add', and Arbitrary Skill Installation Poses Supply Chain Risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary Skill Installation Poses Supply Chain Risk.** The skill explicitly instructs the agent to install external skills using 'npx skills add <owner/repo@skill> -g -y', potentially from arbitrary sources (e.g., GitHub). This allows the agent to download and execute unvetted third-party code, introducing a significant supply chain risk. A malicious skill could contain backdoors, exfiltrate data, or perform other harmful actions. The '-g' flag for global installation further amplifies the potential impact. Recommendation: implement strict vetting processes for skills before installation. Consider whitelisting trusted skill repositories or requiring explicit user confirmation and a warning before installing skills from untrusted sources. The agent should inform the user about the risks of installing third-party code. If possible, execute installed skills in a sandboxed environment. | LLM | SKILL.md:68 |
| HIGH | **Potential Command Injection in 'npx skills find'.** The skill instructs the agent to construct and execute shell commands using user-provided input for the '[query]' parameter in 'npx skills find [query]'. Without explicit sanitization of user input before interpolation into the shell command, a malicious user could inject arbitrary shell commands. For example, if '[query]' is 'foo; rm -rf /', the command would become 'npx skills find foo; rm -rf /'. Recommendation: instruct the agent to strictly sanitize or escape user-provided input before incorporating it into shell commands. Consider using a safe command execution mechanism that prevents shell metacharacter interpretation, or explicitly whitelist allowed characters. | LLM | SKILL.md:28 |
| HIGH | **Potential Command Injection in 'npx skills add'.** The skill instructs the agent to construct and execute shell commands using user-provided input for the '<owner/repo@skill>' parameter in 'npx skills add <owner/repo@skill> -g -y'. Without explicit sanitization of user input, a malicious user could inject arbitrary shell commands. For example, if '<owner/repo@skill>' is 'malicious/repo@skill; evil_command', the command would become 'npx skills add malicious/repo@skill; evil_command -g -y'. This is particularly critical as 'npx skills add' also installs external code. Recommendation: instruct the agent to strictly sanitize or escape user-provided input before incorporating it into shell commands. Validate the '<owner/repo@skill>' format to ensure it conforms to expected repository/skill naming conventions and does not contain shell metacharacters. | LLM | SKILL.md:68 |