Trust Assessment
hackmd received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 2 medium, and 1 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Unpinned global dependency for hackmd-cli.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/nulltea/hackmd/scripts/hackmd-track.js:3 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/nulltea/hackmd/scripts/hackmd-track.js:89 | |
| MEDIUM | Unpinned global dependency for hackmd-cli The skill's `SKILL.md` instructs users to install `@hackmd/hackmd-cli` globally without specifying a version (`npm install -g @hackmd/hackmd-cli`). This practice introduces a supply chain risk, as a future malicious update to the package could be automatically installed. Global installations can also lead to environment conflicts. Pin the dependency to a specific, known-good version (e.g., `npm install -g @hackmd/hackmd-cli@1.2.3`). Consider using a local installation or a package manager that isolates dependencies to prevent global conflicts and improve security. | LLM | SKILL.md:7 | |
| LOW | Skill writes state file to current working directory The `scripts/hackmd-track.js` script creates and writes a state file (`.hackmd/tracked-notes.json`) in the current working directory (`process.cwd()`). While this behavior is documented in `SKILL.md`, it means the skill has write access to an arbitrary directory determined by the agent's execution context. If an AI agent is tricked into executing this script in a sensitive directory, it could lead to unintended file creation or modification in that location. Modify the script to store state files in a more controlled, isolated location, such as a dedicated skill data directory or a temporary directory, rather than relying on `process.cwd()`. If `process.cwd()` is strictly necessary, ensure the agent's execution environment is sandboxed or that the agent is robust against `cwd` manipulation. | LLM | scripts/hackmd-track.js:10 |
Scan History
Embed Code
[](https://skillshield.io/report/bd38762a4f18b425)
Powered by SkillShield