Trust Assessment
freshrss received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Command Injection via 'date' utility with --hours parameter, API Password exposed in URL query parameter during authentication, Potential Command Injection via unsanitized category name in URL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via 'date' utility with --hours parameter: The `cmd_headlines` function constructs a `date` command using the user-provided `--hours` argument. An attacker can inject arbitrary shell commands into the `HOURS` variable, leading to remote code execution. For example, providing `--hours "1; rm -rf /"` would attempt to delete the root directory on the system executing the script. Sanitize the `HOURS` input to ensure it only contains numeric values, or use a safer method to calculate the timestamp that does not involve direct shell command interpolation of user input. For example, validate that `$HOURS` is an integer before passing it to `date`. | LLM | scripts/freshrss.sh:90 |
| HIGH | API Password exposed in URL query parameter during authentication: The `auth_login` function sends the `FRESHRSS_API_PASSWORD` directly in the URL's query string when authenticating with the FreshRSS API. This can expose the password in server access logs, proxy logs, and process lists (`ps aux`), making it vulnerable to interception or discovery by other processes on the same system or by network monitoring. Use a more secure method for authentication, such as sending credentials in a POST request body, using HTTP Basic Auth with `curl -u "user:pass"`, or passing the password via a file or stdin to `curl` to prevent it from appearing in the command-line arguments or URL. | LLM | scripts/freshrss.sh:30 |
| MEDIUM | Potential Command Injection via unsanitized category name in URL: The `cmd_headlines` function constructs a URL using the user-provided `--category` argument. This category name is directly embedded into the URL string, which is then passed to `curl`. While the variable is double-quoted in the `curl` command, if the category name contains shell metacharacters (e.g., backticks, `$(...)`), it could lead to command injection before `curl` is executed, or `curl` might misinterpret it if it is not properly URL-encoded. URL-encode the `$CATEGORY` variable before embedding it into the URL string. This ensures that any special characters are treated as literal parts of the URL path rather than as shell commands or URL components. For example, use `url_encode() { python3 -c 'import urllib.parse, sys; print(urllib.parse.quote_plus(sys.stdin.read().strip()))' <<< "$1"; }` and then `CATEGORY_ENCODED=$(url_encode "$CATEGORY")`. | LLM | scripts/freshrss.sh:80 |
Powered by SkillShield