Trust Assessment
hevy-cli received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The two findings are Potential Command Injection via Unsanitized User Input and Arbitrary File Read via `--exercises-json @filepath`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized User Input. The skill documents various `hevy` CLI commands that accept user-provided arguments, such as `<workout-id>`, `<template-id>`, `--title`, and `--name`. If the AI agent constructs these commands by directly interpolating unsanitized user input into the shell command string, a malicious user could inject arbitrary shell commands (e.g., `123; rm -rf /`). This risk is present in commands like `hevy workouts get <workout-id>` and `hevy routines create --title "Upper Body"`. While the skill is a rubric, it describes the interface an agent would use, making this a credible exploit path. Implement robust input validation and sanitization for all user-provided arguments before constructing and executing shell commands. Ensure that user input is properly escaped or quoted to prevent shell metacharacter interpretation, or pass arguments as an argv list so that no shell is involved at all. Consider using a dedicated library for safe command execution. | LLM | SKILL.md:20 |
| HIGH | Arbitrary File Read via `--exercises-json @filepath`. The skill documents the `hevy` CLI's capability to read exercise data from a local file using the `@filepath` syntax (e.g., `--exercises-json @exercises.json`). If the AI agent constructs a command like `hevy workouts create --exercises-json @user_filename` with a user-controlled filename, a malicious user could specify paths to sensitive system files (e.g., `@/etc/passwd`). The content of such files could then be processed by the `hevy` CLI and potentially exposed to the user or logged. While the skill is a rubric, it describes the interface an agent would use, making this a credible exploit path. Implement strict input validation for filenames provided to `--exercises-json`. Restrict file paths to a specific, sandboxed directory, disallow absolute paths and `..` traversal, or disallow file-based input entirely if user input is involved. Ensure the agent does not return raw file contents to the user. | LLM | SKILL.md:42 |
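Both findings describe the same root cause: an agent that turns user text into a `hevy` command line. The following Python is an added example, not code from SkillShield or from hevy-cli, showing the vulnerable string-interpolation pattern next to a hardened version that builds an argv list (so no shell ever parses the input), validates IDs against an assumed format, and confines `@filepath` references to an assumed sandbox directory. The `hevy` subcommands and flags are the ones quoted in the report; the ID regex, the title limits and `EXERCISES_DIR` are illustrative assumptions.

```python
"""Safe construction of hevy CLI invocations by an agent.

Added example, not SkillShield's or hevy-cli's own code. Only the hevy
subcommands named in the report are used; validation rules are assumptions.
"""
from __future__ import annotations

import pathlib
import re
import subprocess

# Assumption: IDs are short tokens of letters, digits, '-' and '_'.
ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
# Assumption: the only directory from which @filepath input may be read.
EXERCISES_DIR = pathlib.Path("/srv/agent/exercises")


def vulnerable_get_command(workout_id: str) -> str:
    """The pattern the finding warns about: interpolate user text into a shell line.

    With workout_id == "123; rm -rf /", a shell=True call runs two commands.
    """
    return f"hevy workouts get {workout_id}"


def safe_get_argv(workout_id: str) -> list[str]:
    """Validate the ID, then return an argv list for subprocess (shell=False)."""
    if not ID_RE.fullmatch(workout_id):
        raise ValueError(f"invalid workout id: {workout_id!r}")
    return ["hevy", "workouts", "get", workout_id]


def safe_routine_create_argv(title: str) -> list[str]:
    """Free-text title: argv passing keeps it a single token no shell interprets.

    Length and control characters are still bounded so a title cannot corrupt
    logs or terminal output.
    """
    if not title or len(title) > 200 or any(ord(c) < 0x20 for c in title):
        raise ValueError("invalid title")
    return ["hevy", "routines", "create", "--title", title]


def safe_exercises_json_ref(user_name: str) -> str:
    """Return '@<path>' only when the file resolves inside EXERCISES_DIR."""
    if user_name.startswith(("/", "~")) or "\\" in user_name:
        raise ValueError("absolute and home-relative paths are not allowed")
    sandbox = EXERCISES_DIR.resolve()
    # resolve() collapses any '..' components, so traversal is caught below.
    target = (sandbox / user_name).resolve()
    try:
        target.relative_to(sandbox)
    except ValueError:
        raise ValueError(f"path escapes sandbox: {user_name!r}") from None
    if target.suffix != ".json":
        raise ValueError("only .json files may be referenced")
    return f"@{target}"


def run(argv: list[str]) -> subprocess.CompletedProcess:
    # shell=False: argv goes straight to execve; metacharacters are never parsed.
    return subprocess.run(argv, capture_output=True, text=True, check=False)


def rejected(fn, value: str) -> bool:
    """True if fn(value) raises ValueError; used to check the guards."""
    try:
        fn(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(vulnerable_get_command("123; rm -rf /"))  # what the shell would run
    print(safe_get_argv("abc123"))
    print(safe_routine_create_argv("Upper Body"))
    print(safe_exercises_json_ref("week1.json"))
    print(rejected(safe_exercises_json_ref, "../../../etc/passwd"))
```

The point of the argv version is that `subprocess.run` with a list never invokes `/bin/sh`, so `;`, `|` and `$(...)` in a title are just bytes in one argument. That alone does not cover the second finding: `@../../etc/passwd` is a perfectly valid argv token, which is why `safe_exercises_json_ref` resolves the path and checks containment before the agent ever hands it to `hevy`.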
Full report: https://skillshield.io/report/1b7bab17f9d125a0
Powered by SkillShield