Trust Assessment
gimhub received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 2 medium, and 0 low severity. Key findings include Suspicious import: urllib.request, API Token Stored in Local Configuration File, Default Push Exfiltrates All Non-Hidden Files in Current Directory.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Default Push Exfiltrates All Non-Hidden Files in Current Directory The `cmd_push` function, when invoked without explicitly specifying files (`args.files`), defaults to recursively reading and sending *all* non-binary, non-hidden files from the current working directory and its subdirectories to the GIMHub API. This behavior constitutes excessive permissions and a severe data exfiltration risk. An agent could be prompted to 'push the current project' in a directory containing sensitive information (e.g., `.env` files, configuration files, private keys if not hidden, logs, etc.), leading to their unintended exposure on GIMHub. The default ignore list is insufficient to prevent exfiltration of many common sensitive file types. 1. **Remove default recursive push:** Require explicit file paths or a manifest file for pushes. Do not automatically scan and upload entire directories. 2. **Implement a robust `.gitignore`-like mechanism:** If a default push is absolutely necessary, implement a comprehensive ignore system that respects `.gitignore` patterns and includes a much broader set of default sensitive file types (e.g., `*.env`, `*.pem`, `*.key`, `credentials.json`, `config.yaml`, `secrets.py`, etc.). 3. **Prompt for confirmation:** Before performing a broad push, prompt the user for explicit confirmation, listing the files that will be uploaded. | LLM | scripts/gimhub.py:110 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/daxiongmao87/gimhub/scripts/gimhub.py:9 | |
| MEDIUM | API Token Stored in Local Configuration File The skill stores the GIMHub API token in a local configuration file (`~/.gimhub/config.json`) after successful registration. While common for CLI tools, this means the token persists on the filesystem. If the agent's environment or filesystem is compromised, an attacker could retrieve this token, leading to unauthorized access to the agent's GIMHub account. Advise users to secure their agent's environment and filesystem. For highly sensitive operations, consider using ephemeral tokens or requiring re-authentication. Ensure the config file has restrictive permissions (e.g., `chmod 600`). | LLM | scripts/gimhub.py:40 |
Scan History
Embed Code
[](https://skillshield.io/report/9910bcd5c782e1dd)
Powered by SkillShield