Trust Assessment
hustle received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include "Skill provides direct access to credential vault", "Potential command injection via `hustle_vault` key parameter", and "Direct shell command execution and process information disclosure".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill provides direct access to credential vault.** The `hustle_vault` tool is explicitly designed to retrieve credentials from a secure vault. An attacker could craft a prompt to instruct the LLM to use this tool with specific keys, leading to the exfiltration of sensitive credentials (e.g., API keys, tokens, or other secrets). Implement strict access controls and input validation for the `hustle_vault` tool. Ensure the LLM cannot be prompted to retrieve arbitrary keys. Consider using a more granular permission model for credential access, and avoid returning raw credentials directly to the LLM. | LLM | SKILL.md:20 |
| HIGH | **Potential command injection via `hustle_vault` key parameter.** The `hustle_vault` tool executes a `python3` command with a `--key` argument. If the value for `<key_name>` can be influenced by untrusted input (e.g., from a user prompt), it could be manipulated to inject arbitrary shell commands, potentially leading to remote code execution or unauthorized system access. Ensure all arguments passed to shell commands are strictly validated and sanitized. Use a safe argument passing mechanism (e.g., `subprocess.run` with `shell=False`) that prevents shell metacharacter interpretation. Limit the LLM's ability to construct arbitrary arguments for this tool. | LLM | SKILL.md:20 |
| HIGH | **Explicit access to sensitive secrets file.** The skill's workflow explicitly mentions accessing `.vault/secrets.json` and loading `ACTIVE_IDENTITY` from the vault. This indicates direct access to a file containing secrets, which could be exploited for data exfiltration if the LLM is prompted to read or manipulate this file, or if the underlying tool has vulnerabilities. Implement strict access controls for sensitive files. Ensure the LLM's execution environment operates with the principle of least privilege, limiting its ability to directly read or write to such files without explicit, secure tool invocation. Access to secrets should be mediated by a secure service, not direct file access. | LLM | SKILL.md:35 |
| MEDIUM | **Direct shell command execution and process information disclosure.** The `hustle_status` tool directly executes `ps aux \| grep hustle`. This allows for direct shell command execution, which is a security risk. While the current command is limited, it exposes process information (`ps aux`) which could be sensitive. More critically, if the `hustle` string in `grep hustle` could be influenced by untrusted input, it could lead to command injection. Avoid direct shell command execution where possible. If necessary, use a more secure method like `subprocess.run` with `shell=False` and strictly validate all arguments. Limit the information returned by status checks to only what is essential, and prevent untrusted input from modifying the command. | LLM | SKILL.md:27 |