Trust Assessment
fork-aware-updater received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Direct Command Execution via 'exec'", and "Excessive Permissions Required for Skill Operation".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **High Supply Chain Risk from Auto-Updating External Forks.** The skill's primary purpose is to monitor and 'auto-update superior forks' from external Git repositories. This introduces a critical supply chain risk, as a malicious or compromised fork could inject harmful code directly into the agent's environment. While 'audits' and 'scoring' are mentioned, the effectiveness and implementation of these security measures are not detailed, and the 'auto-update' mechanism remains a high-risk operation. Thoroughly vet all external repositories. Implement strong cryptographic verification (e.g., signed commits, trusted maintainers). Ensure the 'audits' and 'scoring' mechanisms are robust and independently verifiable. Consider manual review for all updates, even 'superior' ones. The 'Human confirm' step is a good mitigation, but ensure it is always enforced before any code integration. | LLM | SKILL.md:3 |
| HIGH | **Direct Command Execution via 'exec'.** The skill explicitly states its usage involves `exec node skills/fork-aware-updater/updater.js`. This is a direct command execution primitive. If the `updater.js` script or its inputs are vulnerable to manipulation, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Review the `updater.js` script for vulnerabilities, especially regarding input sanitization. Ensure that any arguments passed to `node` or within the script itself are properly validated and sanitized to prevent command injection. Consider using safer alternatives to direct `exec` where possible, or strictly sandboxing the execution environment. | LLM | SKILL.md:10 |
| HIGH | **Excessive Permissions Required for Skill Operation.** The skill's core functionality, which involves 'auto-updates superior forks' and 'git pull/merge', inherently requires broad system permissions. This includes filesystem write access to modify code, network access to fetch repositories, and the ability to execute arbitrary code (via `node` and `git`). If the skill is compromised, these extensive permissions could be abused to perform malicious actions on the host system. Implement the principle of least privilege. Strictly define and limit the permissions granted to the skill. Ensure the 'Safety sandbox' mentioned is robust and effectively isolates the skill's operations from critical system resources. Regularly audit the skill's actual runtime permissions. | LLM | SKILL.md:3 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from the frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/kunoiiv/fork-aware-updater/SKILL.md:1 |