Trust Assessment
forkzoo received a trust score of 23/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 0 critical, 3 high, 7 medium, and 1 low severity. Key findings include sensitive environment variable access ($GITHUB_TOKEN and $GITHUB_USER) and JSON injection via a custom repository name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | JSON Injection via custom repository name: The `CUSTOM_NAME` variable, taken directly from user input (`$2`), is used unsanitized within a JSON payload for a `curl` request to the GitHub API. An attacker could inject arbitrary JSON by including double quotes or backslashes in `CUSTOM_NAME`, potentially altering the API request's intent (e.g., setting unintended repository properties) or causing errors. Sanitize `CUSTOM_NAME` (which becomes `REPO_NAME`) to escape JSON special characters before embedding it in the JSON payload. Alternatively, use a tool that handles JSON serialization safely, or ensure the GitHub API sanitizes the `name` field. | LLM | scripts/adopt.sh:69 |
| HIGH | URL Path Injection via repository name: The `REPO_NAME` variable, when provided directly by the user as `$1`, is used unsanitized in the URL path for `curl` requests to the GitHub API. An attacker could inject characters like `/`, `?`, or `#` into `REPO_NAME` to perform URL path traversal (e.g., `myrepo/../../evil_path`) or inject new query parameters, potentially manipulating the API request to unintended endpoints or resources. Validate `REPO_NAME` to ensure it conforms to GitHub repository naming conventions and does not contain path traversal characters or URL metacharacters. URL-encode `REPO_NAME` before embedding it in the URL path. | LLM | scripts/interact.sh:40 |
| HIGH | URL Path Injection via repository name: The `REPO_NAME` variable, when provided directly by the user as `$1`, is used unsanitized in the URL path for `curl` requests to the GitHub API. An attacker could inject characters like `/`, `?`, or `#` into `REPO_NAME` to perform URL path traversal (e.g., `myrepo/../../evil_path`) or inject new query parameters, potentially accessing or manipulating unintended repository content. Validate `REPO_NAME` to ensure it conforms to GitHub repository naming conventions and does not contain path traversal characters or URL metacharacters. URL-encode `REPO_NAME` before embedding it in the URL path. | LLM | scripts/status.sh:40 |
| MEDIUM | Sensitive environment variable access ($GITHUB_TOKEN): Access to sensitive environment variable `$GITHUB_TOKEN` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo/scripts/adopt.sh:31 |
| MEDIUM | Sensitive environment variable access ($GITHUB_USER): Access to sensitive environment variable `$GITHUB_USER` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo/scripts/adopt.sh:42 |
| MEDIUM | Sensitive environment variable access ($GITHUB_TOKEN): Access to sensitive environment variable `$GITHUB_TOKEN` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo/scripts/interact.sh:10 |
| MEDIUM | Sensitive environment variable access ($GITHUB_USER): Access to sensitive environment variable `$GITHUB_USER` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo/scripts/interact.sh:22 |
| MEDIUM | Sensitive environment variable access ($GITHUB_TOKEN): Access to sensitive environment variable `$GITHUB_TOKEN` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo/scripts/status.sh:10 |
| MEDIUM | Sensitive environment variable access ($GITHUB_USER): Access to sensitive environment variable `$GITHUB_USER` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo/scripts/status.sh:25 |
| MEDIUM | URL Query Parameter Injection via LIMIT: The `LIMIT` variable, taken directly from user input (`$1`), is used unsanitized as a query parameter in a `curl` request to the GitHub API. An attacker could inject additional query parameters (e.g., `&evil=true`) by including `&` in the `LIMIT` value, potentially manipulating the API request or causing unexpected behavior. Validate `LIMIT` to ensure it is a positive integer, or URL-encode the `LIMIT` variable before embedding it in the URL. | LLM | scripts/gallery.sh:14 |
| LOW | Broad GitHub Token Permissions Required: The skill explicitly requires a `GITHUB_TOKEN` with `repo` and `workflow` scopes. These are broad permissions that grant extensive control over all repositories accessible by the token, including creating, deleting, and modifying code, as well as managing GitHub Actions workflows. While necessary for the skill's stated functionality (forking, enabling actions), users should be fully aware of the security implications of providing such a highly privileged token. Inform users clearly about the risks associated with broad token scopes. If possible, explore more granular permission models (e.g., GitHub App installations or fine-grained personal access tokens) to reduce the attack surface. | LLM | SKILL.md:20 |
Full report: https://skillshield.io/report/fdbdcd55773fdc4f (powered by SkillShield)