Trust Assessment
intercom received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Skill exposes private keys via `/get_keys` command, SC-Bridge allows arbitrary command execution via CLI mirroring, SC-Bridge CLI mirroring grants excessive permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | SC-Bridge allows arbitrary command execution via CLI mirroring The SC-Bridge WebSocket protocol, when enabled with `--sc-bridge-cli 1`, explicitly allows authenticated clients to execute 'every TTY command' via the `cli` message type (`{ "type": "cli", "command": "/any_tty_command_here" }`). This functionality enables arbitrary command injection, allowing a malicious or compromised client to execute any command on the host system with the privileges of the running agent process, leading to full system compromise. Re-evaluate the necessity of exposing arbitrary TTY command execution over a remote interface. If required, implement a strict whitelist of allowed commands and arguments, and ensure robust input validation. Consider using a more granular permission model for remote commands. | LLM | SKILL.md:253 | |
| HIGH | Skill exposes private keys via `/get_keys` command The skill provides a TTY command `/get_keys` which prints the agent's public and private keys. While the documentation notes this is 'sensitive' and should only be used when 'fully trusted', its availability as a command presents a direct mechanism for data exfiltration of critical credentials if the agent's TTY or SC-Bridge CLI mirroring is accessed by an unauthorized entity or a compromised agent. Restrict access to `/get_keys` to highly privileged contexts, or remove the ability to print private keys directly. Consider alternative secure key management solutions. Ensure strong authentication and authorization for any interface that can invoke this command. | LLM | SKILL.md:188 | |
| HIGH | SC-Bridge CLI mirroring grants excessive permissions The `--sc-bridge-cli 1` option, which enables execution of 'every TTY command' via the WebSocket interface, grants excessive permissions to any authenticated client. This allows the client to perform any action the agent process can, including filesystem access, network operations, and process management, which is an overly broad scope for a remote API. This significantly increases the attack surface and potential impact of a compromise. Implement a least-privilege model for remote command execution. Restrict the types of commands that can be executed remotely to only those strictly necessary for the skill's function. Implement granular access control for specific commands rather than a blanket 'every TTY command' approach. | LLM | SKILL.md:253 |
Scan History
Embed Code
[](https://skillshield.io/report/a1326520dc91a2c4)
Powered by SkillShield