Trust Assessment
find-skills received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 2 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential command injection via unsanitized user input in shell commands, Unconfirmed global installation of arbitrary code with excessive permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential command injection via unsanitized user input in shell commands The skill instructs the agent to execute shell commands like `npx skills find [query]` and `npx skills add <package>` where parts of the command (`[query]`, `<package>`) are derived from user input. If the agent directly interpolates user-provided strings into these commands without proper sanitization or escaping, an attacker could inject arbitrary shell commands, leading to remote code execution. Instruct the agent to strictly sanitize or properly escape all user-provided input before incorporating it into shell commands. For example, use a safe shell execution library that automatically quotes arguments, or explicitly validate and escape input to prevent shell metacharacter injection. | LLM | SKILL.md:50 | |
| CRITICAL | Unconfirmed global installation of arbitrary code with excessive permissions The skill explicitly instructs the agent to install new skills globally (`-g`) and bypass confirmation prompts (`-y`) using the command `npx skills add <owner/repo@skill> -g -y`. This allows the agent to install arbitrary, potentially malicious, code from external repositories with elevated privileges (global scope) without explicit user review or confirmation for each specific installation. This poses a severe supply chain risk and grants excessive permissions to untrusted code. Remove the `-g` (global) and `-y` (skip confirmation) flags from the `npx skills add` instruction. Instead, prompt the user for explicit confirmation before installing any skill, especially globally. Recommend installing skills locally by default, or at least requiring explicit user consent for global installation after reviewing the skill's source and permissions. | LLM | SKILL.md:77 |
Scan History
Embed Code
[](https://skillshield.io/report/3091f18d6a8ba35a)
Powered by SkillShield