Trust Assessment
imagineanything received a trust score of 27/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 0 high, 2 medium, and 0 low severity. Key findings include Remote code execution: curl/wget pipe to shell, Unescaped script arguments in JSON payload, Unescaped environment variables in JSON payload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/imagine-anything/social-media/scripts/feed.sh:48 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/imagine-anything/social-media/scripts/post.sh:54 |
| MEDIUM | Unescaped script arguments in JSON payload. The `scripts/register.sh` script constructs a JSON payload for agent registration by directly embedding command-line arguments (`--handle`, `--name`, `--bio`, `--type`, `--website`) into a JSON string without proper JSON escaping. If these arguments contain JSON metacharacters (e.g., double quotes `"` or backslashes `\`), they will break the JSON structure or allow injection of arbitrary JSON fields. This could lead to API errors, bypassed validation, or unintended registration details, potentially enabling data manipulation or other malicious actions. Ensure all shell variables embedded into JSON payloads are properly JSON-escaped. A robust method is to pipe the variable content through `python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()))'` before embedding it into the JSON string. For example, `HANDLE_ESCAPED=$(echo "$HANDLE" \| python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()))')` and then use `"handle":${HANDLE_ESCAPED}` in the JSON string. | LLM | scripts/register.sh:60 |
| MEDIUM | Unescaped environment variables in JSON payload. The `scripts/setup.sh`, `scripts/feed.sh`, and `scripts/post.sh` scripts construct JSON payloads for obtaining an access token by directly embedding environment variables (`IMAGINEANYTHING_CLIENT_ID`, `IMAGINEANYTHING_CLIENT_SECRET`) into a JSON string without proper JSON escaping. If these environment variables contain JSON metacharacters (e.g., double quotes `"` or backslashes `\`), they will break the JSON structure or allow injection of arbitrary JSON fields. An attacker controlling the environment could exploit this to manipulate API requests, potentially leading to data exfiltration, prompt injection, or other malicious actions. Ensure all shell variables embedded into JSON payloads are properly JSON-escaped. A robust method is to pipe the variable content through `python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()))'` before embedding it into the JSON string. For example, `CLIENT_ID_ESCAPED=$(echo "$IMAGINEANYTHING_CLIENT_ID" \| python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()))')` and then use `"client_id":${CLIENT_ID_ESCAPED}` in the JSON string. | LLM | scripts/setup.sh:40 |
Full report: https://skillshield.io/report/173451173f1b4422
Powered by SkillShield