Trust Assessment
gurkerl received a trust score of 45/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Persistence mechanism: systemd service, Potential Command Injection via CLI Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions systemd service persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/florianbeer/gurkerl/SKILL.md:16 | |
| HIGH | Persistence mechanism: systemd service Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/florianbeer/gurkerl/SKILL.md:16 | |
| HIGH | Potential Command Injection via CLI Arguments The skill's documented CLI usage pattern involves passing user-controlled JSON strings as arguments to the `gurkerl` command. Given that the manifest declares dependencies on `curl` and `jq`, it is highly probable that the `gurkerl` command is implemented as a shell script. If this script directly interpolates these user-provided JSON strings into shell commands (e.g., `curl` commands) without proper sanitization or escaping, it could allow an attacker to inject arbitrary shell commands. For example, a malicious JSON string could contain shell metacharacters or command substitutions that execute unintended commands on the host system. The underlying `gurkerl` script must ensure that all user-provided input, especially JSON arguments, is properly sanitized and escaped before being used in shell commands. Prefer using safer methods for passing data to `curl`, such as `--data-binary @-` with input from stdin, or using a programming language that provides robust argument parsing and secure subprocess execution functions (e.g., `subprocess.run` with `shell=False` in Python) instead of direct shell interpolation. | LLM | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/4221b0949529e3ea)
Powered by SkillShield