Trust Assessment
ibkr-trading received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 1 critical, 3 high, 5 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.Popen(), Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/flokiew/ibkr-trader/scripts/keepalive.py:58 | |
| HIGH | Dangerous call: subprocess.Popen() Call to 'subprocess.Popen()' detected in function 'trigger_reauth'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/flokiew/ibkr-trader/scripts/keepalive.py:58 | |
| HIGH | Unpinned Python Dependencies The `setup.sh` script and `SKILL.md` instruct users to install Python packages (`ibeam`, `requests`, `urllib3`) without specifying exact versions. This makes the skill vulnerable to supply chain attacks if a dependency is compromised or updated with malicious code, potentially leading to arbitrary code execution or data exfiltration. Pin all Python dependencies to exact versions (e.g., `pip install ibeam==X.Y.Z requests==A.B.C urllib3==P.Q.R`). It is recommended to use a `requirements.txt` file with pinned versions for reproducibility and security. | LLM | scripts/setup.sh:60 | |
| HIGH | Disabled SSL/TLS Certificate Verification The `keepalive.py` and `trading_bot.py` scripts explicitly disable SSL/TLS certificate verification (`verify=False` and `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`). While connecting to `localhost`, this practice is dangerous as it makes the connection vulnerable to Man-in-the-Middle (MITM) attacks, allowing an attacker to intercept or tamper with sensitive trading data and credentials. Remove `urllib3.disable_warnings()` and ensure `verify=True` (or remove `verify=False`) for all `requests` calls. If the local gateway uses a self-signed certificate, configure `requests` to trust it explicitly rather than disabling verification entirely. | LLM | scripts/keepalive.py:12 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/flokiew/ibkr-trader/scripts/keepalive.py:10 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/flokiew/ibkr-trader/scripts/trading_bot.py:9 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/flokiew/ibkr-trader/scripts/setup.sh:7 | |
| MEDIUM | Storage of Credentials in Environment Variables The skill instructs users to store sensitive credentials (`IBEAM_ACCOUNT`, `IBEAM_PASSWORD`) in a `.env` file, which is then sourced into environment variables by `authenticate.sh` and used by `ibeam`. While common for local development, environment variables can be read by any child process and are not always secure, especially if the system or other processes are compromised. This increases the risk of credential harvesting. Recommend using a more secure method for handling credentials, such as a dedicated secrets management system, an encrypted vault, or prompting for credentials at runtime rather than storing them in plain text in `.env` files and environment variables. If environment variables are necessary, ensure strict access controls on the `.env` file and the execution environment. | LLM | scripts/setup.sh:100 | |
| MEDIUM | Execution of External Shell Scripts and Commands The skill package frequently executes external shell scripts and commands (`bin/run.sh`, `Xvfb`, `apt-get install`, `subprocess.Popen(['bash', auth_script])`). While these are necessary for the skill's functionality and are part of the provided package, they represent potential command injection vulnerabilities if the scripts themselves or their execution environment could be tampered with by an attacker. The `sudo apt-get install` commands also grant elevated privileges. Ensure the integrity of all executed scripts and binaries. Implement file integrity checks (e.g., checksums) for critical scripts. Restrict execution permissions to only necessary users. Minimize the use of `sudo` where possible. For `subprocess.Popen`, ensure that the script path is absolutely controlled and not user-modifiable. | LLM | scripts/setup.sh:20 |
Scan History
Embed Code
[](https://skillshield.io/report/51206b81f1f85462)
Powered by SkillShield