Trust Assessment
forkzoo received a trust score of 30/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 0 critical, 2 high, 6 medium, and 0 low severity. Key findings include Sensitive environment variable access: $GITHUB_TOKEN, Sensitive environment variable access: $GITHUB_USER, Broad GitHub Token Scopes Required.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 58/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Broad GitHub Token Scopes Required. The skill explicitly requires a classic GitHub Personal Access Token with the `repo` and `workflow` scopes. `repo` grants full read/write access to every public and private repository the token owner can reach, and `workflow` allows adding and updating GitHub Actions workflow files. That is far more access than the stated functionality (managing digital pets) needs: a compromised skill, or an LLM driving it under prompt injection, could use the token to read, modify, or delete data across all of the user's repositories, or inject malicious workflows. Request the minimum scopes. If only forking public repositories and dispatching workflows on the fork are needed, `public_repo` plus `workflow` is narrower, but classic PAT scopes cannot be restricted to specific repositories, so `workflow` still applies account-wide. Prefer a fine-grained personal access token or a GitHub App, which can be limited to selected repositories and individual permissions (for example Contents and Workflows) instead of account-wide scopes. If `workflow` is truly required, the scripts must be robust against injection, because any command injection in them becomes a workflow-injection path. | LLM | SKILL.md:24 |
| HIGH | Unsanitized User Input in Shell Command. `scripts/gallery.sh` interpolates `$LIMIT`, taken directly from the first positional argument (`$1`), into a `curl` command line without validation or quoting. A caller (or an LLM that assembles the invocation from untrusted content) can pass a string such as `10; rm -rf /` as the limit. Whether that yields command execution or only request tampering depends on how the line is assembled: under `eval` or `sh -c` it is arbitrary command execution; as a plain unquoted expansion it still permits word splitting and injected `curl` options. Validate before use: for a numeric limit, require digits only with a check such as `[[ "$LIMIT" =~ ^[0-9]+$ ]]` and exit with an error otherwise, then quote the expansion. `LIMIT=$(printf "%d" "${1:-10}")` is weaker: on non-numeric input bash `printf` only warns on stderr and emits the leading digits (or `0`), so it silently coerces garbage instead of rejecting it. | LLM | scripts/gallery.sh:13 |
| MEDIUM | Sensitive environment variable access: $GITHUB_TOKEN. Access to sensitive environment variable '$GITHUB_TOKEN' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo-skill/scripts/adopt.sh:31 |
| MEDIUM | Sensitive environment variable access: $GITHUB_USER. Access to sensitive environment variable '$GITHUB_USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo-skill/scripts/adopt.sh:42 |
| MEDIUM | Sensitive environment variable access: $GITHUB_TOKEN. Access to sensitive environment variable '$GITHUB_TOKEN' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo-skill/scripts/interact.sh:10 |
| MEDIUM | Sensitive environment variable access: $GITHUB_USER. Access to sensitive environment variable '$GITHUB_USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo-skill/scripts/interact.sh:22 |
| MEDIUM | Sensitive environment variable access: $GITHUB_TOKEN. Access to sensitive environment variable '$GITHUB_TOKEN' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo-skill/scripts/status.sh:10 |
| MEDIUM | Sensitive environment variable access: $GITHUB_USER. Access to sensitive environment variable '$GITHUB_USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/levi-law/forkzoo-skill/scripts/status.sh:25 |
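The two HIGH findings both come down to checks the skill could run before it touches the GitHub API: fail-closed validation of the `limit` argument before it reaches a command line, and a comparison of the scopes a classic PAT actually carries against the minimum the skill needs. The following is an added example, not forkzoo's own code and not part of the SkillShield report. It assumes (the report does not show the script) that the scripts read the limit from `$1` and call the REST API with `curl`, and it relies on GitHub reporting a classic token's granted scopes in the `x-oauth-scopes` response header. The function names and the header samples are constructed for the demonstration.

```shell
#!/bin/sh
# Added example for the two HIGH findings; not forkzoo's code.
# Assumptions: limit comes from the first positional argument, the token is a
# classic PAT (GitHub returns its scopes in x-oauth-scopes), and the header
# samples at the bottom are constructed stand-ins for real responses.
set -eu

# Fail-closed validation for a numeric CLI argument. Prints the value and
# returns 0 only for an integer in 1..100 with no leading zero; else returns 1.
validate_limit() {
  raw="${1:-10}"
  case "$raw" in
    ''|*[!0-9]*) return 1 ;;   # empty, or contains a non-digit ("10; rm -rf /")
    0*)          return 1 ;;   # "0", "007": reject rather than coerce
  esac
  [ "$raw" -le 100 ] || return 1   # safe: $raw is known to be digits only
  printf '%s\n' "$raw"
}

# Vulnerable shape (do not use):  curl -s ".../forks?per_page=$LIMIT"  with
# $LIMIT straight from $1. Hardened: validate both pieces, then build the URL
# with printf so the values are never re-parsed by the shell.
build_forks_url() {
  repo="$1"
  case "$repo" in
    ''|*[!A-Za-z0-9._/-]*) echo "rejected repo: $repo" >&2; return 1 ;;
  esac
  limit=$(validate_limit "${2:-}") || { echo "rejected limit: ${2:-}" >&2; return 1; }
  printf 'https://api.github.com/repos/%s/forks?per_page=%s\n' "$repo" "$limit"
}

# Compare a classic PAT's granted scopes with the minimum the skill needs.
# $1: raw response headers from
#     curl -sI -H "Authorization: Bearer $GITHUB_TOKEN" https://api.github.com
# $2: space-separated allow list.
# Returns 0 if every granted scope is allowed, 1 if the token is over-scoped,
# 2 if no x-oauth-scopes header is present (no classic scopes to judge; assess
# fine-grained PATs and GitHub App tokens by their permissions instead).
check_scopes() {
  headers="$1"; allowed="$2"; ok=0
  line=$(printf '%s\n' "$headers" | tr -d '\r' | grep -i '^x-oauth-scopes:') || true
  [ -n "$line" ] || return 2
  scopes=${line#*:}
  old_ifs=$IFS; IFS=','
  for s in $scopes; do
    s=$(printf '%s' "$s" | tr -d ' \t')
    [ -n "$s" ] || continue
    case " $allowed " in
      *" $s "*) ;;
      *) echo "excess scope: $s" >&2; ok=1 ;;
    esac
  done
  IFS=$old_ifs
  return "$ok"
}

# Constructed samples standing in for real API responses.
SAMPLE_BROAD=$(printf 'HTTP/2 200\nx-oauth-scopes: repo, workflow\nx-accepted-oauth-scopes: \n')
SAMPLE_NARROW=$(printf 'HTTP/2 200\nx-oauth-scopes: public_repo, workflow\n')
SAMPLE_NOSCOPE=$(printf 'HTTP/2 200\ncontent-type: application/json\n')
NEEDED="public_repo workflow"

# Demo, wrapped so a failing check does not trip set -e.
if check_scopes "$SAMPLE_BROAD" "$NEEDED"; then echo "broad token: ok"; else echo "broad token: over-scoped"; fi
if check_scopes "$SAMPLE_NARROW" "$NEEDED"; then echo "narrow token: ok"; fi
build_forks_url octocat/Hello-World 25
build_forks_url octocat/Hello-World '10; rm -rf /' || echo "injection attempt rejected"
```

To run the scope check against a real token, pipe the headers in: `curl -sI -H "Authorization: Bearer $GITHUB_TOKEN" https://api.github.com | { check_scopes "$(cat)" "public_repo workflow"; }`. The validator rejects rather than coerces because a `limit` that silently becomes `0` or `10` hides the fact that something upstream (a prompt-injected tool call, for instance) tried to pass shell syntax.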
Embed Code
[SkillShield report for forkzoo](https://skillshield.io/report/4ffbdaa96366f813)
Powered by SkillShield