Trust Assessment
guru-mcp received a trust score of 38/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include File read + network send exfiltration, Sensitive path access: AI agent config, Unpinned Binary Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | File read + network send exfiltration. AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/pvoo/guru-mcp/SKILL.md:26 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/pvoo/guru-mcp/SKILL.md:26 |
| HIGH | Potential Command Injection via `mcporter` calls. The skill documentation demonstrates the use of `mcporter call` with dynamic arguments (e.g., `agentId`, `question`, `query`, `title`, `content`). If the underlying skill implementation constructs these shell commands by directly concatenating user-provided or LLM-generated input without proper sanitization or escaping, it could lead to command injection. An attacker could inject arbitrary shell commands by crafting malicious input for these parameters. Ensure all dynamic inputs passed to `mcporter call` are rigorously sanitized and escaped for shell execution. Ideally, the skill should use a library or `mcporter` feature that handles argument parsing securely, preventing direct shell interpretation of input values. If `mcporter` supports a structured input format (e.g., JSON via stdin), prefer that over command-line arguments for dynamic data. | LLM | SKILL.md:69 |
| MEDIUM | Unpinned Binary Dependency. The skill manifest specifies 'mcporter' as a required binary but does not pin it to a specific version. This can lead to supply chain risks if a future version of 'mcporter' introduces vulnerabilities or malicious changes, which would be automatically used without explicit review. It is recommended to pin dependencies to specific versions to ensure reproducibility and security. Pin the 'mcporter' binary to a specific version in the `clawdbot.requires.bins` section of the manifest (e.g., `"bins": ["mcporter==1.2.3"]`) or specify a minimum version. | LLM | SKILL.md |